GHSA-h369-cpjj-qfff
Suggest an improvement- Source
- https://github.com/advisories/GHSA-h369-cpjj-qfff
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-h369-cpjj-qfff/GHSA-h369-cpjj-qfff.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-h369-cpjj-qfff
- Aliases
-
- CVE-2025-60796
- Published
- 2025-11-20T15:30:23Z
- Modified
- 2025-11-20T18:59:14.818177Z
- Severity
-
- 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P CVSS Calculator
- Summary
- phppgadmin vulnerable to Cross-site Scripting
- Details
-
phpPgAdmin versions 7.13.0 and earlier contain multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied inputs from $_REQUEST parameters are reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.php, and other unspecified files. An attacker can exploit these vulnerabilities to execute arbitrary JavaScript in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious actions.
- Database specific
{ "github_reviewed_at": "2025-11-20T18:15:04Z", "github_reviewed": true, "cwe_ids": [ "CWE-79" ], "nvd_published_at": "2025-11-20T15:17:38Z", "severity": "LOW" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-60796
- https://github.com/phppgadmin/phppgadmin
- https://github.com/phppgadmin/phppgadmin/blob/master/admin.php#L35
- https://github.com/phppgadmin/phppgadmin/blob/master/indexes.php#L29
- https://github.com/phppgadmin/phppgadmin/blob/master/sequences.php#L316
- https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60796.md
Affected packages
Packagist / phppgadmin/phppgadmin
Package
- Name
- phppgadmin/phppgadmin
- Purl
- pkg:composer/phppgadmin/phppgadmin