Cross-Site Scripting Vulnerabilities in phpPgAdmin by phpPgAdmin
CVE-2025-60796

6.1 MEDIUM

Key Information:

Vendor

phpPgAdmin

CVE Published: 20 November 2025

What is CVE-2025-60796?

phpPgAdmin versions up to 7.13.0 are vulnerable to multiple cross-site scripting (XSS) flaws. The flaws arise from improper handling of user-supplied input in several components, including sequences.php, indexes.php, and admin.php. By exploiting them, an attacker can inject arbitrary JavaScript that executes in a victim's browser. This could result in severe consequences, such as session hijacking or unauthorized access to sensitive information, which makes immediate security updates and user caution necessary.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
