CVE-2025-60796 — Cross-site Scripting in Project Phppgadmin

CWE-79 — Cross-site Scripting5 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.0%

top 91.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phppgadmin Project Phppgadmin Phppgadmin Debian Phppgadmin

Timeline

PublishedNov 20

Description

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.php, and other unspecified files. An attacker can exploit these vulnerabilities to execute arbitrary JavaScript in victims' browsers, potentially leading to session hijacking, credential theft, or other…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶Packagistphppgadmin/phppgadmin7.13.0

▶NVDphppgadmin_project/phppgadmin7.13.0

▶debiandebian/phppgadmin

🔴Vulnerability Details

OSV

phppgadmin vulnerable to Cross-site Scripting↗2025-11-20

▶

GHSA

phppgadmin vulnerable to Cross-site Scripting↗2025-11-20

▶

OSV

CVE-2025-60796: phpPgAdmin 7↗2025-11-20

▶

📋Vendor Advisories

Debian

CVE-2025-60796: phppgadmin - phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulne...↗2025

▶