EnterpriseDB PEM 9.8 存储型XSS漏洞 (CVE-2026-0949)

CVE-2026-0949 - PEM 9.8 Cross-site scripting Summary PEM versions prior to 9.8.1 are affected by a stored Cross-Site Scripting (XSS) vulnerability that allows users with access to the “Manage Charts” menu to inject arbitrary Javascript when creating a new chart, which is then executed by any user accessing the chart. By default only the superuser and users with pem_admin or pem_super_admin privileges are able to access the “Manage Charts” menu. Vulnerability Details CVE-ID: CVE-2026-0949 CVSS Base Score: 6.5 CVSS Temporal Score: Undefined CVSS Environmental Score: Undefined CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N Affected Products and Versions Affected Product: Postgres Enterprise Manager (PEM) Affected Versions: All versions prior to PEM 9.8.1. Remediation/Fixes Remediation is available in PEM 9.8.1. References https://www.first.org/cvss/calculator/3.1 CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Related Information EnterpriseDB EDB Blogs link Acknowledgement Source: MITRE Change History 16 Jan 2026: Original Copy Published

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

EnterpriseDB PEM 9.8 存储型XSS漏洞 (CVE-2026-0949)

目标达成感谢每一位支持者 — 我们达成了 100% 目标！