Ashikmd7

**Name of the Vulnerable Software and Affected Versions** CodeAstro Human Resource Management System version 1.0 **Description** Cross site scripting can be triggered remotely via the manipulation of the `todo data` argument within the '/dashboard/add tod' endpoint of the Dashboard Interface component. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Human Resource Management System version 1.0 **Description** A security flaw in the Projects Management Page component allows for remote cross-site scripting (XSS), which is a technique where malicious scripts are injected into trusted websites. The issue exists within the '/Projects/Add Projects' endpoint and is triggered by the manipulation of the `protitle` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Human Resource Management System version 1.0 **Description** An SQL injection issue exists within the Payroll Invoice Module. The flaw is located in the `Invoice()` function of the `applicationcontrollersPayroll.php` file, where improper handling of the `ID` argument allows for remote exploitation. **Recommendations** Update CodeAstro Human Resource Management System to a version that resolves this issue. As a temporary workaround, restrict access to the `Invoice()` function within the `applicationcontrollersPayroll.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Human Resource Management System version 1.0 **Description** A stored cross-site scripting issue exists in the Notice Board Management component within the file '/notice/All notice'. A remote attacker can execute this by manipulating the `Notice Title` argument via a POST request. Cross-site scripting is a technique where malicious scripts are injected into trusted websites. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.