phpPgAdmin Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in phpPgAdmin versions through 7.13.0. This issue arises because user-supplied input from $_REQUEST parameters is not properly encoded or sanitized before being reflected in the HTML output. The vulnerability is present in several components, including sequences.php, indexes.php, admin.php, and potentially other unspecified files. An attacker could exploit this vulnerability to execute arbitrary JavaScript in the context of the victim's browser, leading to possible session hijacking, credential theft, or other malicious actions.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can execute malicious scripts in the context of the user's session.

Added: Nov 20, 2025, 3:26 PM

Updated: Nov 20, 2025, 3:26 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.9

exploitability

7.0

remediation

0.0

relevance

1.1

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.9

exploitability

7.0

remediation

0.0

relevance

1.1

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

phpPgAdmin Cross-Site Scripting Vulnerability

Vulnerability

Impact

Affected Products

phpPgAdmin

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating