github
diff --git a/‎advisories/github-reviewed/2025/11/GHSA-h369-cpjj-qfff/GHSA-h369-cpjj-qfff.json‎
Lines changed: 73 additions & 0 deletions b/‎advisories/github-reviewed/2025/11/GHSA-h369-cpjj-qfff/GHSA-h369-cpjj-qfff.json‎
Lines changed: 73 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/11/GHSA-h369-cpjj-qfff/GHSA-h369-cpjj-qfff.json‎
Lines changed: 0 additions & 41 deletions b/‎advisories/unreviewed/2025/11/GHSA-h369-cpjj-qfff/GHSA-h369-cpjj-qfff.json‎
Lines changed: 0 additions & 41 deletions
@@ -0,0 +1,73 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-h369-cpjj-qfff",
+  "modified": "2025-11-20T18:15:04Z",
+  "published": "2025-11-20T15:30:23Z",
+  "aliases": [
+    "CVE-2025-60796"
+  ],
+  "summary": "phppgadmin vulnerable to Cross-site Scripting",
+  "details": "phpPgAdmin versions 7.13.0 and earlier contain multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied inputs from $_REQUEST parameters are reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.php, and other unspecified files. An attacker can exploit these vulnerabilities to execute arbitrary JavaScript in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious actions.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "phppgadmin/phppgadmin"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "7.13.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60796"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/phppgadmin/phppgadmin"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/phppgadmin/phppgadmin/blob/master/admin.php#L35"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/phppgadmin/phppgadmin/blob/master/indexes.php#L29"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/phppgadmin/phppgadmin/blob/master/sequences.php#L316"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60796.md"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "LOW",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-11-20T18:15:04Z",
+    "nvd_published_at": "2025-11-20T15:17:38Z"
+  }
+}