Approved changes feed: RSS · Atom

cpe:2.3:a:enterprisedb:postgres_enterprise_manager_(pem):*:*:*:*:*:*:*:*

part: a version: * update: *

VendorEnterprisedb (788c5be5-c3bc-5186-8634-02d14556d9dc)
ProductPostgres Enterprise Manager (Pem) (2d60b0c5-8d30-5081-b485-2e7ed4743cfe)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2026-0949 vulnerable 2026-06-08 07:47:13.537323 Details available
MEDIUM (6.5)
PEM versions prior to 9.8.1 are affected by a stored Cross-site Scripting (XSS) vulnerability that allows users with access to the Manage Charts menu to inject arbitrary JavaScript when creating a new chart, which is then executed by any user accessing the chart. By default only the superuser and users with pem_admin or pem_super_admin privileges are able to access the Manage Charts menu.
Published: 2026-01-16T16:29:42.134Z
Updated: 2026-01-16T16:49:37.156Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.