CVE-2026-12130

EUVD-2026-36569
A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Projects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 LOW
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://codeastro.com/
https://github.com/ashikmd0507/CVE/tree/main/Stored-XSS-via-Project-Title
https://vuldb.com/cve/CVE-2026-12130
https://vuldb.com/submit/837202
https://vuldb.com/vuln/370615
https://vuldb.com/vuln/370615/cti