CNNVD-202510-2749 Information

CNNVD ID

CNNVD-202510-2749

CVE-2025-60933

  • CNNVD Published: 2025-10-21

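Description (translated from Chinese)

HR Performance Solutions Performance Pro is an employee performance management platform from the US company HR Performance. Performance Pro v3.19.17 contains a security vulnerability caused by improper handling of crafted input in the Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name and Goal Description parameters of the Future Goals feature, which may lead to a stored cross-site scripting attack.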

Description (English)

HR Performance Solutions Performance Pro is an employee performance management platform from the US company HR Performance. Performance Pro v3.19.17 contains a security vulnerability that stems from improper handling of specially crafted input in the Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name and Goal Description parameters of the Future Goals function, which may result in a stored cross-site scripting (XSS) attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

HR Performance

Published

2025-10-21

Last Modified

2026-02-24

References

https://docs.offsecguy.com/cve/hr-performance-solutions/vulnerability/reflected-xss-future-goals

https://access.redhat.com/security/cve/cve-2025-60933
