19 matches found
CVE-2025-60934
Multiple stored cross-site scripting XSS vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee Notes, title, or description parameters. The patched...
CVE-2025-60933
Multiple stored cross-site scripting XSS vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...
CVE-2025-60932
Multiple stored cross-site scripting XSS vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...
CVE-2025-60934
Multiple stored cross-site scripting XSS vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee Notes, title, or description parameters. The patched...
CVE-2025-60933
Multiple stored cross-site scripting XSS vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...
EUVD-2025-35168
Multiple stored cross-site scripting XSS vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee Notes, title, or description parameters. The patched...
CVE-2025-60933
Multiple stored cross-site scripting XSS vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...
CVE-2025-60932
CVE-2025-60932 describes multiple stored XSS vulnerabilities in HR Performance Solutions Performance Pro v3.19.17, exploitable via crafted payloads in Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name, and Goal Description. The underlying issue is insufficient cleanup/es...
CVE-2025-60933
CVE-2025-60933 affects HR Performance Solutions Performance Pro v3.19.17. The vulnerability is stored XSS in the Future Goals function, allowing an attacker to inject arbitrary web scripts/HTML via crafted payloads into Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name, ...
CVE-2025-60934
Multiple stored cross-site scripting XSS vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee Notes, title, or description parameters. The patched...
HR Performance Solutions Performance Pro 安全漏洞
HR Performance Solutions Performance Pro is an employee performance management platform from HR Performance USA. A security vulnerability exists in Performance Pro version v3.19.17, which stems from improper handling of the Goal Name, Goal Notes, Action Step Name, Action Step Description, Note...
CVE-2025-60932
Multiple stored cross-site scripting XSS vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...
CVE-2025-60934
Multiple stored cross-site scripting XSS vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee Notes, title, or description parameters. The patched...
EUVD-2025-35169
Multiple stored cross-site scripting XSS vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...
HR Performance Solutions Performance Pro 安全漏洞
HR Performance Solutions Performance Pro is an employee performance management platform from HR Performance USA. A security vulnerability exists in HR Performance Solutions Performance Pro version 3.19.17, which stems from Employee Notes and title and description parameters not properly validatin...
CVE-2025-60934
CVE-2025-60934 affects HR Performance Solutions Performance Pro v3.19.17. Multiple stored XSS vulnerabilities exist in the index.php component, enabling an attacker to inject arbitrary web scripts or HTML via crafted payloads placed in Employee Notes, title, or description parameters. The underly...
EUVD-2025-35170
Multiple stored cross-site scripting XSS vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...
HR Performance Solutions Performance Pro 安全漏洞
HR Performance Solutions Performance Pro is an employee performance management platform from HR Performance, Inc. A security vulnerability exists in HR Performance Solutions Performance Pro version 3.19.17, which stems from insufficient cleanup and escaping of Goal Name, Goal Notes, Action Step...
CVE-2025-60932
Multiple stored cross-site scripting XSS vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...