CVE-2026-12130

CVE Database · CVE-2026-12130

CVE-2026-12130

· LOWReceived

CVSS v3.1

3.5

CVSS v4.0

2.0

EPSS

0.20%

Published

Jun 12, 2026

Modified

Jun 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Projects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Weaknesses (CWE)

CWE-79CWE-94

References (6)

https://codeastro.com/

https://github.com/ashikmd0507/CVE/tree/main/Stored-XSS-via-Project-Title

https://vuldb.com/cve/CVE-2026-12130

https://vuldb.com/submit/837202

https://vuldb.com/vuln/370615

https://vuldb.com/vuln/370615/cti

KEV Catalog EPSS Scores Vendors All CVEs