PT-2025-47581 · Unknown · Phppgadmin

Published: 2025-11-17 · Updated: 2025-11-21 · CVE-2025-60796

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: phpPgAdmin versions prior to 7.13.0

Description: The software contains multiple cross-site scripting (XSS) issues across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization. The issue is present in files including sequences.php, indexes.php, and admin.php. An attacker can exploit these issues to execute arbitrary JavaScript in a victim’s browser, potentially leading to session hijacking or credential theft.

Recommendations: Update to a version newer than 7.13.0.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-14877
CVE-2025-60796
GHSA-H369-CPJJ-QFFF

Affected Products

Phppgadmin