# CVEs

## OvalEdge

- [OvalEdge 5.2.8.0 Vulnerability Disclosures](https://docs.offsecguy.com/cve/ovaledge/ovaledge-5.2.8.0-vulnerability-disclosures.md): Discoverer: Giovanni Heward
- [Sensitive Data Exposure](https://docs.offsecguy.com/cve/ovaledge/vulnerabilities/sensitive-data-exposure.md): OvalEdge 5.2.8.0 and earlier is affected by multiple Sensitive Data Exposure vulnerabilities.
- [Account Takeover](https://docs.offsecguy.com/cve/ovaledge/vulnerabilities/account-takeover.md): OvalEdge 5.2.8.0 and earlier is affected by multiple account takeover vulnerabilities.
- [Privilege Escalation](https://docs.offsecguy.com/cve/ovaledge/vulnerabilities/privilege-escalation.md): OvalEdge 5.2.8.0 and earlier is affected by privilege escalation vulnerabilities.
- [Stored XSS](https://docs.offsecguy.com/cve/ovaledge/vulnerabilities/stored-xss.md): OvalEdge 5.2.8.0 and earlier is affected by Stored XSS (AKA Persistent or Type II) vulnerabilities.

## Infor

- [Infor Global HR | Reflected Cross-Site Scripting (XSS) Disclosure](https://docs.offsecguy.com/cve/infor/infor-global-hr-or-reflected-cross-site-scripting-xss-disclosure.md): Discoverer: Paul Goodrich, Giovanni Heward, Adam Hainline, Tyler Gleave, Dan Gilbert
- [Reflected XSS](https://docs.offsecguy.com/cve/infor/vulnerability/reflected-xss.md): Infor Global HR v11.23.03.00.21 and prior is affected by a Reflected XSS (AKA Non-Persistent or Type I) vulnerability.
- [Insecure direct object references (IDOR)](https://docs.offsecguy.com/cve/infor/vulnerability/insecure-direct-object-references-idor.md): Infor Global HR 11.24.10.01.33 and prior are affected by an Insecure Direct Object Reference (IDOR) vulnerability.

## Cornerstone

- [Cornerstone OnDemand LMS v24.2.5.32 | Insecure Direct Object Reference (IDOR) Disclosures](https://docs.offsecguy.com/cve/cornerstone/csod.md): Discoverer: Dan Gilbert, Giovanni Heward
- [IDOR1](https://docs.offsecguy.com/cve/cornerstone/vulnerabilities/idor1.md): A Business Logic Vulnerability and Insecure Direct Object Reference (IDOR) was discovered in Cornerstone OnDemand LMS v24.2.5.32.
- [IDOR2](https://docs.offsecguy.com/cve/cornerstone/vulnerabilities/idor2.md): A Business Logic Vulnerability and Insecure Direct Object Reference (IDOR) was discovered in Cornerstone OnDemand LMS v24.2.5.32.

## HR Performance Solutions

- [Performance Pro v3.19.17 | Reflected Cross-Site Scripting (XSS) Disclosures](https://docs.offsecguy.com/cve/hr-performance-solutions/performance-pro-v3.19.17-or-reflected-cross-site-scripting-xss-disclosures.md): Discoverer: Paul Goodrich, ...
- [Reflected XSS - Employee Notes](https://docs.offsecguy.com/cve/hr-performance-solutions/vulnerability/reflected-xss-employee-notes.md): Performance Pro v3.19.17 and earlier is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities (Persistent/Type II).
- [Reflected XSS - Future Goals](https://docs.offsecguy.com/cve/hr-performance-solutions/vulnerability/reflected-xss-future-goals.md): Performance Pro v3.19.17 and earlier is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities (Persistent/Type II).
- [Reflected XSS - Current Goals](https://docs.offsecguy.com/cve/hr-performance-solutions/vulnerability/reflected-xss-current-goals.md): Performance Pro v3.19.17 and earlier is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities (Persistent/Type II).

