Description

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.php, and other unspecified files. An attacker can exploit these vulnerabilities to execute arbitrary JavaScript in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious actions.

INFO

Published Date :

2025-11-20T00:00:00.000Z

Last Modified :

2025-11-21T16:08:17.102Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-60796 vulnerability.

Vendors Products
Phppgadmin
  • Phppgadmin
Phppgadmin Project
  • Phppgadmin
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-60796.

URL Resource
https://github.com/phppgadmin/phppgadmin/blob/master/admin.php#L35 cve-icon cve-icon
https://github.com/phppgadmin/phppgadmin/blob/master/indexes.php#L29 cve-icon cve-icon
https://github.com/phppgadmin/phppgadmin/blob/master/sequences.php#L316 cve-icon cve-icon
https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60796.md cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact