A vulnerability was found in CodeAstro Human Resource Management System 1.0 . It has been classified as problematic . Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interface . The manipulation of the argument todo_data leads to cross site scripting. This vulnerability is listed as CVE-2026-12129 . The attack may be initiated remotely. In addition, an exploit is available.