CVE-2026-36460

Published: Jun 03, 2026 Last Modified: Jun 03, 2026

Description

Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to Cross-Site Scripting (XSS). The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding.

https://dovestones.com/download/
https://gist.github.com/pentestrox/16d92f8f8114ad3b34805c449f573cef