Stored Cross-Site Scripting Vulnerabilities in HR Performance Solutions by HR Performance Solutions
CVE-2025-60932

Currently unrated

Key Information:

Vendor: HR Performance Solutions
Status: HR Performance Solutions Performance Pro
Vendor: CVE Published:; 21 October 2025

🔔 Create HR Performance Solutions Vulnerability Alert

What is CVE-2025-60932?

HR Performance Solutions Performance Pro v3.19.17 is susceptible to multiple stored cross-site scripting (XSS) vulnerabilities. These flaws exist within the Current Goals function, allowing attackers to inject and execute arbitrary web scripts or HTML through crafted payloads in various parameters, including the Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name, and Goal Description. Users are advised to upgrade to the patched version PP-Release-6.3.2.0 to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://docs.offsecguy.com/cve/hr-performance-solutions/v...

Timeline

Vulnerability published
Oct 21, 2025
Vulnerability Reserved
Sep 26, 2025

JSON

HR Performance Solutions

What is CVE-2025-60932?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.