exploitDog

CVE-2025-60933

Опубликовано: 21 окт. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name, and Goal Description parameters. The patched version is PP-Release-6.3.2.0.

Ссылки

https://docs.offsecguy.com/cve/hr-performance-solutions/vulnerability/reflected-xss-future-goals

EPSS

Процентиль: 12%

0.00039

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-7fg2-9v2j-j792

CVSS3: 6.1

github

4 месяца назад

Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name, and Goal Description parameters. The patched version is PP-Release-6.3.2.0.

EPSS

Процентиль: 12%

0.00039

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79