CVE-2026-12129

CodeAstro Human Resource Management System Dashboard add_tod cross site scripting

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79 CWE-94

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interface. The manipulation of the argument todo_data leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Affected products

CodeAstro · Human Resource Management System

public PoCs found — 1

cve_referencegithub.com/ashikmd0507/CVE/tree/main/Stored-XSS-via-TO-DO-LISTunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://codeastro.com/https://github.com/ashikmd0507/CVE/tree/main/Stored-XSS-via-TO-DO-LIST https://vuldb.com/cve/CVE-2026-12129 https://vuldb.com/submit/837196 https://vuldb.com/vuln/370614 https://vuldb.com/vuln/370614/cti