CVE-2026-41031

HIGH

A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor

Title source: cna

Description

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and session credentials.

References (1)

Core 1

Core References

https://partner.skilja.com/uncategorized/security-advisory-stored-xss-in-vinna-process-monitor-cve-2026-41031/

Scores

CVSS v3 8.7

EPSS 0.0024

EPSS Percentile 15.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-79

Status published

Products (1)

Skilja GmbH/Vinna Process Monitor 3.1.2 - 4.0.6

Published Jun 09, 2026

Tracked Since Jun 09, 2026