PT-2026-33985 · Dovestones Softwares · Adphonebook

Published: 2026-04-21 · Updated: 2026-04-21 · CVE-2026-31013

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Dovestones Softwares ADPhonebook versions prior to 4.0.1.1

Description

A reflected cross-site scripting (XSS) issue exists in the '/ADPhonebook?Department=HR' endpoint. User-supplied input provided via the search parameter is reflected in the HTTP response without proper input validation or output encoding, which allows the execution of arbitrary JavaScript in the victim's browser.

Recommendations

Update to version 4.0.1.1 or newer. As a temporary workaround, avoid using the search parameter in the '/ADPhonebook?Department=HR' endpoint until the update is applied.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-31013

Affected Products

Adphonebook