CVE-2026-11491NVD

Vulnerability Summary

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/All_notice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input <svg onload="alert('Stored XSS Triggered by Ashik Mohamed')"> as part of POST leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

Severity Level

LOW(2.4)

Published Date

Jun 8, 2026

Last Modified

Jun 8, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.03%Probability

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredHigh

User InteractionRequired

ScopeUnchanged

ConfidentialityNone

IntegrityLow

AvailabilityNone

External References

https://vuldb.com/vuln/369111
https://vuldb.com/vuln/369111/cti
https://vuldb.com/cve/CVE-2026-11491
https://vuldb.com/submit/834747
https://github.com/ashikmd0507/CVE/blob/main/CVE-2026-11491/README.md
https://codeastro.com/

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-11491NVD

Vulnerability Summary

External References