- Description
- TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.6
- Impact score
- 4.7
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
- Severity
- HIGH
- Hype score
- Not currently trending
🚨 CVE-2025-21612 Alert! 🚨 An XSS vulnerability in the StarCitizenTools TabberNeue MediaWiki extension (prior to v2.7.2) allows malicious input in TabberTransclude.php. Fixed in v2.7.2. ⚠️ CVSS Score: 8.6 (HIGH) 📖 Full report: https://t.co/88jNZdIsfn #CyberSecurity #CVE http
@BaseFortify
7 Jan 2025
40 Impressions
1 Retweet
1 Like
1 Bookmark
1 Reply
0 Quotes
CVE-2025-21612 Cross-Site Scripting Vulnerability in TabberNeue Prior to 2.7.2 TabberNeue is an extension for MediaWiki that helps create tabs. Before version 2.7.2, there was an issue in TabberTransclude.php. It... https://t.co/xgBQ6ZXVQm
@VulmonFeeds
6 Jan 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-21612 TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputti… https://t.co/L1Q7BpA4k8
@CVEnew
6 Jan 2025
334 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-21612: HIGH] TabberNeue MediaWiki extension <2.7.2 is susceptible to XSS attacks due to unescaped inputs. Update to version 2.7.2 to patch this vulnerability. #cybersecurity#cybersecurity,#vulnerability https://t.co/bCspMWEloF https://t.co/u9g8XG84d4
@CveFindCom
6 Jan 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes