Vulnerability Description
phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.php, and other unspecified files. An attacker can exploit these vulnerabilities to execute arbitrary JavaScript in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious actions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phppgadmin Project | Phppgadmin | <= 7.13.0 |
Related Weaknesses (CWE)
References
- https://github.com/phppgadmin/phppgadmin/blob/master/admin.php#L35Product
- https://github.com/phppgadmin/phppgadmin/blob/master/indexes.php#L29Product
- https://github.com/phppgadmin/phppgadmin/blob/master/sequences.php#L316Product
- https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60796.mdThird Party Advisory
FAQ
What is CVE-2025-60796?
CVE-2025-60796 is a vulnerability with a CVSS score of 6.1 (MEDIUM). phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without ...
How severe is CVE-2025-60796?
CVE-2025-60796 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-60796?
Check the references section above for vendor advisories and patch information. Affected products include: Phppgadmin Project Phppgadmin.