CVE-2025-60933

Name of the Vulnerable Software and Affected Versions HR Performance Solutions Performance Pro versions prior to 6.3.2.0

Description The software contains multiple stored cross-site scripting (XSS) issues within the Future Goals function. These issues allow attackers to inject crafted payloads into several parameters, potentially leading to the execution of arbitrary web scripts or HTML. The affected parameters include Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name, and Goal Description.

Recommendations Update to version 6.3.2.0 or later.