Loading market data...
← Back to CVE feed

CVE-2026-36460

UNKNOWN View on NVD ↗

Description

Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding.

Published: Jun 03, 2026 18:16 UTC Modified: Jun 04, 2026 16:26 UTC