A vulnerability classified as problematic was found in HR Performance Solutions Performance Pro 3.19.17. This impacts an unknown function of the file index.php. Executing manipulation of the argument Employee Notes/title/description can lead to cross site scripting.

This vulnerability is registered as CVE-2025-60934. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is advised.