DEBIAN-CVE-2025-60796

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2025-60796
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-60796.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-60796
Upstream
Published
2025-11-20T15:17:38.100Z
Modified
2025-11-22T11:10:00.609998Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.php, and other unspecified files. An attacker can exploit these vulnerabilities to execute arbitrary JavaScript in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious actions.

References

Affected packages

Debian:13 / phppgadmin

Package

Name
phppgadmin
Purl
pkg:deb/debian/phppgadmin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.14.7+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / phppgadmin

Package

Name
phppgadmin
Purl
pkg:deb/debian/phppgadmin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.14.7+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}