Performance
by Tanium
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-4371 | Med | 0.44 | 6.8 | 0.00 | Aug 18, 2025 | A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection. | ||
| CVE-2025-60934 | Med | 0.40 | 6.1 | 0.00 | Oct 21, 2025 | Multiple stored cross-site scripting (XSS) vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee Notes, title, or description… | ||
| CVE-2025-60933 | Med | 0.40 | 6.1 | 0.00 | Oct 21, 2025 | Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name,… | ||
| CVE-2025-60932 | Med | 0.40 | 6.1 | 0.00 | Oct 21, 2025 | Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step… | ||
| CVE-2025-15336 | 0.00 | — | 0.00 | Feb 5, 2026 | Tanium addressed an incorrect default permissions vulnerability in Performance. |
- risk 0.44cvss 6.8epss 0.00
A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection.
- risk 0.40cvss 6.1epss 0.00
Multiple stored cross-site scripting (XSS) vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee Notes, title, or description…
- risk 0.40cvss 6.1epss 0.00
Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name,…
- risk 0.40cvss 6.1epss 0.00
Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step…
- CVE-2025-15336Feb 5, 2026risk 0.00cvss —epss 0.00
Tanium addressed an incorrect default permissions vulnerability in Performance.