Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-60796

Опубликовано: 20 нояб. 2025
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 6.1

Описание

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.php, and other unspecified files. An attacker can exploit these vulnerabilities to execute arbitrary JavaScript in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious actions.

РелизСтатусПримечание
devel

needs-triage

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

esm-apps/xenial

needs-triage

jammy

needs-triage

noble

needs-triage

plucky

ignored

end of life, was needs-triage
questing

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 18%
0.00056
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-60796

CVSS3: 6.1
nvd
3 месяца назад

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.php, and other unspecified files. An attacker can exploit these vulnerabilities to execute arbitrary JavaScript in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious actions.

debian логотип

CVE-2025-60796

CVSS3: 6.1
debian
3 месяца назад

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting ( ...

github логотип

GHSA-h369-cpjj-qfff

github
3 месяца назад

phppgadmin vulnerable to Cross-site Scripting

fstec логотип

BDU:2025-14877

CVSS3: 6.1
fstec
3 месяца назад

Уязвимость сценариев sequites.php, indexes.php, admin.php веб-инструмента администрирования СУБД PostgreSQL phpPgAdmin, позволяющая нарушителю проводить межсайтовые сценарные атаки (XSS)

EPSS

Процентиль: 18%
0.00056
Низкий

6.1 Medium

CVSS3