Description

PEM versions prior to 9.8.1 are affected by a stored Cross-site Scripting (XSS) vulnerability that allows users with access to the Manage Charts menu to inject arbitrary JavaScript when creating a new chart, which is then executed by any user accessing the chart. By default only the superuser and users with pem_admin or pem_super_admin privileges are able to access the Manage Charts menu.

INFO

Published Date :

2026-01-16T16:29:42.134Z

Last Modified :

2026-01-16T16:49:37.156Z

Source :

EDB
AFFECTED PRODUCTS

The following products are affected by CVE-2026-0949 vulnerability.

Vendors Products
Enterprisedb
  • Postgres Enterprise Manager
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-0949.

URL Resource
https://www.enterprisedb.com/docs/security/advisories/cve20260949/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact