CVE-2025-29152

Published: May 7, 2025

Modified: May 7, 2025

PUBLISHED

Description

Cross-Site Scripting vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via multiple components, including Strategic Planning Perspective Registration, Training Request, Perspective Editing, Education Registration, Hierarchical Level Registration, Decision Level Registration, Perspective Registration, Company Group Registration, Company Registration, News Registration, Employee Editing, Goal Team Registration, Learning Resource Type Registration, Learning Resource Family Registration, Learning Resource Supplier Registration, and Cycle Maintenance.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://medium.com/@worzyus/poc-2fd1d2ec1eb9

https://wellington-almeida.medium.com/poc-2fd1d2ec1eb9

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-29152

Description

Affected Products

References