A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process...

8.7 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Description

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and session credentials.

AI Analysis

Stored Cross-Site Scripting vulnerability allowing remote attackers to inject malicious JavaScript code

Basic Information

ID CVE-2026-41031

Source CERTVDE

Published Jun 9, 2026 at 09:51

Affected Product

Vendor Skilja GmbH

Product Vinna Process Monitor

Version 3.1.2

Affected Versions Skilja GmbH Vinna Process Monitor 3.1.2

CWE Classification

CWE-79

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Skilja GmbH

Product Vinna Process Monitor

Version 4.0 Service Pack 1 (Build 63255), 3.1.2

References

partner.skilja.com /uncategorized/security-advisory-stored-xss-in-vinna-process-monitor-cve-2026-41031/

{
    "lastseen": "",
    "description": "A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application.\u00a0This enables attackers to steal administrative access tokens and session credentials.",
    "published": "2026-06-09T09:51:13.463Z",
    "modified": "2026-06-09T09:51:13.463Z",
    "type": "cve",
    "title": "A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor",
    "source": "CERTVDE",
    "references": "https://partner.skilja.com/uncategorized/security-advisory-stored-xss-in-vinna-process-monitor-cve-2026-41031/",
    "id": "CVE-2026-41031",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Skilja GmbH Vinna Process Monitor 3.1.2",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Vinna Process Monitor",
    "version": "3.1.2",
    "vendor": "Skilja GmbH",
    "ai_description": "Stored Cross-Site Scripting vulnerability allowing remote attackers to inject malicious JavaScript code",
    "ai_severity": "High",
    "ai_vendor": "Skilja GmbH",
    "ai_product": "Vinna Process Monitor",
    "ai_version": "4.0 Service Pack 1 (Build 63255), 3.1.2",
    "ai_score": 8.7
}

A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor_CVE-2026-41031