Performance
by Tanium
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-4371 | Med | 0.44 | 6.8 | 0.00 | Aug 18, 2025 | A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection. | ||
| CVE-2025-60934 | Med | 0.40 | 6.1 | 0.00 | Oct 21, 2025 | Multiple stored cross-site scripting (XSS) vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee Notes, title, or description parameters. The patched version is PP-Release-6.3.2.0. | ||
| CVE-2025-60933 | Med | 0.40 | 6.1 | 0.00 | Oct 21, 2025 | Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name, and Goal Description parameters. The patched version is PP-Release-6.3.2.0. | ||
| CVE-2025-60932 | Med | 0.40 | 6.1 | 0.00 | Oct 21, 2025 | Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name, and Goal Description parameters. The patched version is PP-Release-6.3.2.0. | ||
| CVE-2025-15336 | 0.00 | — | 0.00 | Feb 5, 2026 | Tanium addressed an incorrect default permissions vulnerability in Performance. |
- risk 0.44cvss 6.8epss 0.00
A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection.
- risk 0.40cvss 6.1epss 0.00
Multiple stored cross-site scripting (XSS) vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee Notes, title, or description parameters. The patched version is PP-Release-6.3.2.0.
- risk 0.40cvss 6.1epss 0.00
Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name, and Goal Description parameters. The patched version is PP-Release-6.3.2.0.
- risk 0.40cvss 6.1epss 0.00
Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name, and Goal Description parameters. The patched version is PP-Release-6.3.2.0.
- CVE-2025-15336Feb 5, 2026risk 0.00cvss —epss 0.00
Tanium addressed an incorrect default permissions vulnerability in Performance.