CVE-2026-12130 MEDIUM

CVE-2026-12130: CodeAstro Human Resource Management System Projects Management Add_Projects cross site scripting

Vendor Codeastro
Product Human Resource Management System
Weakness CWE-79 · XSS
Published June 12, 2026
Last update June 15, 2026
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Projects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Key dates

02Disclosure timeline

June 12, 2026 CVE published
June 15, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-31883 WordPress WebinarPress plugin <= 1.33.28 - Cross Site Scripting (XSS) vulnerability CVE-2013-10028 EELV Newsletter Plugin lettreinfo.php style_newsletter cross site scripting CVE-2025-57973 WordPress WP-Members Plugin <= 3.5.4.2 - Cross Site Scripting (XSS) Vulnerability CVE-2024-24865 WordPress Scroll Triggered Box Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS) CVE-2023-42479 Cross-Site Scripting (XSS) vulnerability in SAP Biller Direct