Cross-Site Scripting Vulnerabilities in phpPgAdmin by phpPgAdmin

CVE-2025-60796

What is CVE-2025-60796?

phpPgAdmin versions up to 7.13.0 are vulnerable to multiple cross-site scripting (XSS) flaws. These vulnerabilities arise from improper handling of user-supplied input in several components, including sequences.php, indexes.php, and admin.php. By exploiting these issues, attackers can inject and execute arbitrary JavaScript code within victims' browsers. This could result in severe consequences, such as session hijacking or unauthorized access to sensitive information, emphasizing the necessity for immediate security updates and user caution.

References