CNNVD-202510-2750 Information
CNNVD ID
CNNVD-202510-2750
Related CVE
- CNNVD Published: 2025-10-21
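Description (translated from Chinese)
HR Performance Solutions Performance Pro is an employee performance management platform from the US company HR Performance. HR Performance Solutions Performance Pro version 3.19.17 contains a security vulnerability. The vulnerability stems from insufficient sanitization and escaping of the Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name and Goal Description parameters, and may lead to stored cross-site scripting attacks.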
Description (English)
HR Performance Solutions Performance Pro is an employee performance management platform developed by HR Performance, a company based in the United States. Version 3.19.17 of HR Performance Solutions Performance Pro has a security vulnerability caused by inadequate sanitization and escaping of the Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name and Goal Description parameters, which may result in stored cross-site scripting (XSS) attacks.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
HR Performance
Published
2025-10-21
Last Modified
2026-02-24
References
https://docs.offsecguy.com/cve/hr-performance-solutions/vulnerability/reflected-xss-current-goals
https://access.redhat.com/security/cve/cve-2025-60932