CVE Catalog

CVE-2026-41031

HighCVSS 8.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

14th percentile - higher than 14% of all known CVEs

Summary

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and session credentials.

Risk Assessment

This vulnerability poses a risk of sensitive data theft, which could lead to unauthorized access to the system and potential financial and reputational losses for the organization.

Recommendation

It is recommended to update Vinna Process Monitor to the latest version to mitigate this vulnerability and implement additional security measures such as user activity monitoring.

Original NVD description (English source)

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and session credentials.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS