CVE-2026-12130

LOW

CodeAstro Human Resource Management System Projects Management Add_Projects cross site scripting

Title source: cna

Description

A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Projects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

References (6)

Core 6

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-370615 | CodeAstro Human Resource Management System Projects Management Add_Projects cross site scripting

https://vuldb.com/vuln/370615

Signature, Permissions Required signature permissions-required

VDB-370615 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/370615/cti

Third Party Advisory third-party-advisory

CVE-2026-12130 | CVE Analysis and Report

https://vuldb.com/cve/CVE-2026-12130

Third Party Advisory third-party-advisory

Submit #837202 | CodeAstro Human Resource Management System in PHP CodeIgniter v1.0 Cross Site Scripting

https://vuldb.com/submit/837202

Exploit exploit

https://github.com/ashikmd0507/CVE/tree/main/Stored-XSS-via-Project-Title

View Exploit ZIP pw:eip

Product product

https://codeastro.com/

Scores

CVSS v3 3.5

EPSS 0.0020

EPSS Percentile 10.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-94

Status published

Products (1)

CodeAstro/Human Resource Management System 1.0

Published Jun 12, 2026

Tracked Since Jun 13, 2026