CVE-2026-41031
HighCVSS 8.7Exploitation Probability (EPSS)
Low risk14th percentile - higher than 14% of all known CVEs
Summary
A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and session credentials.
Risk Assessment
This vulnerability poses a risk of sensitive data theft, which could lead to unauthorized access to the system and potential financial and reputational losses for the organization.
Recommendation
It is recommended to update Vinna Process Monitor to the latest version to mitigate this vulnerability and implement additional security measures such as user activity monitoring.
Original NVD description (English source)
A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and session credentials.

