CVE-2026-11491
2.4 LOWA vulnerability was identified in CodeAstro Human Resource Management System 1.0
Published: 2026-06-08 · Last updated: 2026-06-08
Severity and scoring
- CVSS
- 2.4 LOW
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
- CWE
- CWE-79, CWE-94
Description
A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/All_notice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input <svg onload="alert('Stored XSS Triggered by Ashik Mohamed')"> as part of POST leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-11491
- [Other]https://codeastro.com/
- [Other]https://github.com/ashikmd0507/CVE/blob/main/CVE-2026-11491/README.md
- [Other]https://vuldb.com/cve/CVE-2026-11491
- [Other]https://vuldb.com/submit/834747
- [Other]https://vuldb.com/vuln/369111
- [Other]https://vuldb.com/vuln/369111/cti
Related CVEs
Same CWE
- CVE-2025-8444 — The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based St... (6.4 MEDIUM)
- CVE-2026-46518 — OpenEMR is a free and open source electronic health records and medical practice management application (7.7 HIGH)
- CVE-2026-46517 — LMDeploy is a toolkit for compressing, deploying, and serving large language models (7.8 HIGH)
- CVE-2026-46432 — LMDeploy is a toolkit for compressing, deploying, and serving large language models (7.8 HIGH)
- CVE-2026-41003 — An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Secu... (7.6 HIGH)