Vulnerabilities

CVE-2026-0949 - PEM Stored Cross-site Scripting (XSS) Vulnerability

2026-01-16 0 views admin
CVE-2026-0949 - PEM Stored Cross-site Scripting (XSS) Vulnerability

CVE ID : CVE-2026-0949 Published : Jan. 16, 2026, 5:15 p.m. | 59 minutes ago Description : PEM versions prior to 9.8.1 are affected by a stored Cross-site Scripting (XSS) vulnerability that allows users with access to the Manage Charts menu to inject arbitrary JavaScript when creating a new chart, which is then executed by any user accessing the chart. By default only the superuser and users with pem_admin or pem_super_admin privileges are able to access the Manage Charts menu. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
MEDIUM
Published
Jan. 16, 2026
Impact: XSS

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-0949medium

More from Vulnerabilities

CVE-2025-71020 - Tenda AX-1806 Stack Overflow Denial of Service

CVE-2025-71020 - Tenda AX-1806 Stack Overflow Denial of Service

2026-01-16 0
CVE-2025-70746 - Tenda AX-1806 Stack-Based Buffer Overflow Vulnerability

CVE-2025-70746 - Tenda AX-1806 Stack-Based Buffer Overflow Vulnerability

2026-01-16 0
CVE-2024-44238 - Apple iOS/ iPadOS Memory Corruption Vulnerability

CVE-2024-44238 - Apple iOS/ iPadOS Memory Corruption Vulnerability

2026-01-16 0
CVE-2024-54556 - Apple iOS Lock Screen Restricted Content Disclosure Vulnerability

CVE-2024-54556 - Apple iOS Lock Screen Restricted Content Disclosure Vulnerability

2026-01-16 0

Trending

1

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

2026-01-15 • 4457 views
2

Tech: Data is the only moat

2026-01-15 • 4133 views
3

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

2026-01-15 • 3239 views
4

Tech: AWS European Sovereign Cloud

2026-01-15 • 2741 views
5

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3

2026-01-15 • 2719 views