# Reflected XSS - Current Goals

## Reflected XSS (authenticated)  <a href="#finding1" id="finding1"></a>

Performance Pro v3.19.17 and earlier is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities (Persistent/Type II) via POST requests to:

{% hint style="warning" %}
`/index.php?mode=mGoalSetup&job=update&id=<goal_id>`
{% endhint %}

### Description

The Current Goals functionality is vulnerable to multiple instances of stored (persistent) XSS. Input submitted by an authenticated user through the goal update endpoint is saved server-side as submitted and is later written into the page HTML without output encoding or sanitization, both in the goal editor and in the view/print page. Because the value is persisted rather than echoed from a single request, the script executes in the session of every user who subsequently views the affected pages, not only the user who submitted it.

### Affected Endpoints and Parameters

**Input (create/update goal):**\
`POST /index.php?mode=mGoalSetup&job=update&id=<goal_id>`\
Vulnerable fields:

* Goal Name
* Goal Notes (name field)
* Action Step Name
* Notes Name

**Output (view/print goals), where the stored values are rendered without encoding:**\
`GET /viewgoals.php?printview=1&type=current`\
Vulnerable fields:

* Goal Name
* Goal Description
* Action Step Description

{% hint style="danger" %}
An attacker with an ordinary authenticated account can run arbitrary JavaScript in the session of any user who views the affected goals, alter what that user sees, and redirect them to attacker-controlled sites.
{% endhint %}

***

### Exploitation

* Inject a JavaScript payload into any of the following Current Goals input fields and save the goal; the value is persisted server-side exactly as submitted.
  * Goal Name
  * Goal Description
  * Action Step Name
  * Action Step Description
  * Note Name
* Any user who later opens the goal editor or the view/print page (`/viewgoals.php?printview=1&type=current`) receives the stored value without encoding. To trigger it on demand, **send** that URL to a victim via phishing, social engineering, or any other attack vector.
* **The victim's browser renders the injected payload** as part of the goals page, so the script executes with the victim's session and privileges.
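The steps above reduce to one store-then-render round trip. The following Python is added here as an illustration and is not code from Performance Pro or HR Performance Solutions: it models that round trip with a harmless canary string in place of a script, puts an unencoded template (the defect the advisory describes) beside the same template with HTML-context output encoding, and implements the check a tester runs against the print view to decide whether a field came back raw, encoded, or not at all. The record field names, the templates and the in-memory store are assumptions; the page does not give the real form parameter names.

```python
import html

# Constructed canary for this example: plain text containing every character an
# HTML-context encoder must neutralise. It is a probe, not an exploit payload.
CANARY = '<"canary\'&>'


def h(s: str) -> str:
    """HTML-context output encoding: & < > " and ' become entities."""
    return html.escape(s, quote=True)


def poisoned_goal(canary: str = CANARY) -> dict:
    """A Current Goals record as an authenticated user could save it (constructed sample).

    The field names are assumptions; the advisory does not list the form parameters.
    """
    return {
        "name": "Q3 objectives " + canary,
        "description": "Ship the reporting module " + canary,
        "action_steps": ["Draft the plan " + canary, "Review with manager"],
        "note_name": "Status note " + canary,
    }


def update_goal(store: dict, goal_id: int, goal: dict) -> None:
    """Models the update endpoint: values are persisted exactly as submitted.

    Storing raw input is not the bug by itself; the defect is in the rendering step.
    """
    store[goal_id] = dict(goal)


def render_goal_vulnerable(goal: dict) -> str:
    """Models the defect described in the advisory: stored fields are concatenated
    straight into the HTML of the view/print page (illustrative template, not the
    application's real one)."""
    steps = "".join("<li>" + s + "</li>" for s in goal["action_steps"])
    return (
        "<h2>" + goal["name"] + "</h2>\n"
        "<p>" + goal["description"] + "</p>\n"
        "<ul>" + steps + "</ul>\n"
        '<input type="text" value="' + goal["note_name"] + '">'
    )


def render_goal_fixed(goal: dict) -> str:
    """The same view with output encoding applied at the point of emission.

    html.escape(quote=True) covers both element text and the double-quoted
    attribute value used here; a different context (JS string, URL) would need
    its own encoder.
    """
    steps = "".join("<li>" + h(s) + "</li>" for s in goal["action_steps"])
    return (
        "<h2>" + h(goal["name"]) + "</h2>\n"
        "<p>" + h(goal["description"]) + "</p>\n"
        "<ul>" + steps + "</ul>\n"
        '<input type="text" value="' + h(goal["note_name"]) + '">'
    )


def print_view(store: dict, render) -> str:
    """Models the view/print page: renders every stored goal for whoever requests it."""
    return "\n".join(render(store[gid]) for gid in sorted(store))


def classify_reflection(body: str, canary: str = CANARY) -> str:
    """Decide how a response handled the canary.

    'vulnerable' - the canary came back byte-for-byte, so markup would survive
    'encoded'    - only the entity-encoded form is present
    'absent'     - the field is not rendered on this page at all
    """
    if canary in body:
        return "vulnerable"
    if h(canary) in body:
        return "encoded"
    return "absent"


def check_stored_xss(render) -> str:
    """End to end: the attacker saves the canary, then a later viewer's page is inspected."""
    store: dict = {}
    update_goal(store, 1, poisoned_goal())
    return classify_reflection(print_view(store, render))


if __name__ == "__main__":
    print("unencoded template:", check_stored_xss(render_goal_vulnerable))  # vulnerable
    print("encoded template:  ", check_stored_xss(render_goal_fixed))       # encoded
```

Against the live application the two modelled calls become an authenticated POST of the canary to the update endpoint followed by an authenticated GET of the print view; a canary proves the missing encoding without firing a script in other users' sessions, and the same classifier applied to the editor response covers the Example 1 case.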

### Example 1 - XSS in Updating/Creating Current Goals

* Any of the highlighted fields is vulnerable to XSS during goal update/creation\
  ![](https://2946459361-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGyD3p56S2Ma0Q756LEYJ%2Fuploads%2FFs0DTQqIuyiI72C4oHDm%2Fimage.png?alt=media\&token=3a98ded6-5b1e-4c95-a4d8-0ce8243dfde5)
* Action Steps injection\
  ![](https://2946459361-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGyD3p56S2Ma0Q756LEYJ%2Fuploads%2F0VNMLNV9so0GPwL7lJ39%2Fimage.png?alt=media\&token=ec93c936-c666-4609-b868-dadc7780ecc8)
* Notes injection\
  ![](https://2946459361-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGyD3p56S2Ma0Q756LEYJ%2Fuploads%2FToDMGb7Lz15hsbaa7WS2%2Fimage.png?alt=media\&token=c0899484-3a3b-4451-b510-53070e70c688)
* Successful XSS exploitation\
  ![](https://2946459361-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGyD3p56S2Ma0Q756LEYJ%2Fuploads%2FWTZs7vuzMRL5Mt2jSo3J%2Fimage.png?alt=media\&token=ce684042-ed07-4e12-9004-e3b54f35dd83)

### Example 2 - XSS in View/Print of Current Goals

* Any of the highlighted fields are vulnerable to XSS in the View/Print URL\
  ![](https://2946459361-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGyD3p56S2Ma0Q756LEYJ%2Fuploads%2FrFJU3LacSknX7k5pPR4c%2Fimage.png?alt=media\&token=ceb6f4de-e8aa-40c6-8d29-5c864bc26f8f)
* Successful XSS exploitation\
  ![](https://2946459361-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGyD3p56S2Ma0Q756LEYJ%2Fuploads%2F7qvfQUpBblodQxESea5Z%2Fimage.png?alt=media\&token=af3d13c9-ce48-43c1-8376-35193daaa668)

