Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-60796

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.php, and other unspecified files. An attacker can exploit these vulnerabilities to execute arbitrary JavaScript in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious actions.

Published

2025-11-20T15:17:38.100

Last Modified

2025-11-25T19:15:25.377

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	phppgadmin_project	phppgadmin	≤ 7.13.0	Yes

References

https://github.com/phppgadmin/phppgadmin/blob/master/admin.php#L35 Product ([email protected])
https://github.com/phppgadmin/phppgadmin/blob/master/indexes.php#L29 Product ([email protected])
https://github.com/phppgadmin/phppgadmin/blob/master/sequences.php#L316 Product ([email protected])
https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60796.md Third Party Advisory ([email protected])