Vinna Process Monitor
Monthly
Stored cross-site scripting in Vinna Process Monitor 4.0 Service Pack 1 (Build 63255) allows authenticated low-privilege users to inject persistent JavaScript that executes in other users' browsers, enabling theft of administrative session tokens and credentials. The CVSS 4.0 score of 9.3 reflects the cross-scope impact whereby a low-privileged attacker can escalate to administrative control. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Stored cross-site scripting in Vinna Process Monitor 4.0 Service Pack 1 (Build 63255) allows authenticated low-privilege users to inject persistent JavaScript that executes in other users' browsers, enabling theft of administrative session tokens and credentials. The CVSS 4.0 score of 9.3 reflects the cross-scope impact whereby a low-privileged attacker can escalate to administrative control. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.