Codeastro · Codeastro Human Resource Management System · CVE-2026-11491
**Name of the Vulnerable Software and Affected Versions**
CodeAstro Human Resource Management System version 1.0
**Description**
A stored cross-site scripting issue exists in the Notice Board Management component within the file '/notice/All notice'. A remote attacker can execute this by manipulating the `Notice Title` argument via a POST request. Cross-site scripting is a technique where malicious scripts are injected into trusted websites.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.