CVE Catalog

CVE-2026-12129

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. The issue affects some unknown functionality of the file /dashboard/add_tod in the Dashboard Interface, where manipulation of the argument todo_data leads to cross-site scripting.

Risk Assessment

An attacker may remotely exploit this vulnerability, posing a risk of session hijacking or data theft.

Recommendation

It is recommended to update the system to the latest version and implement input data filtering to prevent XSS attacks.

Original NVD description (English source)

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interface. The manipulation of the argument todo_data leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS