Home > Vulnerability Database > CVE-2025-60796

Mend.io Vulnerability Database

CVE-2025-60796

Good to know:

Date: November 19, 2025

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.php, and other unspecified files. An attacker can exploit these vulnerabilities to execute arbitrary JavaScript in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious actions.

Severity Score

6.1

Related Resources (7)

Url: https://github.com/phppgadmin/phppgadmin/blob/master/indexes.php#L29

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-60796

Url: https://github.com/phppgadmin/phppgadmin/blob/master/sequences.php#L316

Url: https://github.com/phppgadmin/phppgadmin

Url: https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60796.md

Url: https://github.com/phppgadmin/phppgadmin/blob/master/admin.php#L35

Url: https://www.mend.io/vulnerability-database/CVE-2025-60796

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-60796

Good to know:

Date: November 19, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?