CVE-2026-12129 MEDIUM

CVE-2026-12129: CodeAstro Human Resource Management System Dashboard add_tod cross site scripting

Vendor Codeastro
Product Human Resource Management System
Weakness CWE-79 · XSS
Published June 12, 2026
Last update June 13, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interface. The manipulation of the argument todo_data leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.

Key dates

02Disclosure timeline

June 12, 2026 CVE published
June 13, 2026 Record updated