Description

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.php, and other unspecified files. An attacker can exploit these vulnerabilities to execute arbitrary JavaScript in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious actions.

INFO

Published Date :

2025-11-20T00:00:00.000Z

Last Modified :

2025-11-20T14:56:39.625Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-60796 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-60796.

URL Resource
https://github.com/phppgadmin/phppgadmin/blob/master/admin.php#L35 cve-icon cve-icon
https://github.com/phppgadmin/phppgadmin/blob/master/indexes.php#L29 cve-icon cve-icon
https://github.com/phppgadmin/phppgadmin/blob/master/sequences.php#L316 cve-icon cve-icon
https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60796.md cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System