15788 matches found
CVE-2025-53093 TabberNeue vulnerable to Stored XSS through wikitext
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTML into the DOM by inserting a payload into any allowed attribute of the tag. Version 3.1.1 contains a patch for the bug...
CVE-2023-38007
IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browse...
CVE-2023-38007
CVE-2023-38007 affects IBM Cloud Pak System versions on Power (2.3.5.0; 2.3.3.7 with iFix1) and Intel (2.3.3.6 with iFix1/2; 2.3.4.0/2.3.4.1). Root cause is HTML injection (XSS) in the web UI, allowing a remote attacker to inject malicious HTML that runs in the browser within the hosting site's s...
CVE-2023-38007 IBM Cloud Pak System HTML injection
IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browse...
IBM Cloud Pak System security vulnerability
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines (IBM). The product supports deploying, managing, and moving application environments across hybrid clouds. A security vulnerability exists in IBM Cloud Pak...
PT-2025-27231 · Ibm · Ibm Cloud Pak System
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak System versions 2.3.3.6 through 2.3.5.0 Description: A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. This issu...
WordPress ATP Call Now plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress ATP Call Now plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
PT-2025-27250 · Unknown · Tabberneue
Name of the Vulnerable Software and Affected Versions: TabberNeue versions 3.0.0 through 3.1.0 Description: The issue allows any user to insert arbitrary HTML into the DOM by inserting a payload into any allowed attribute of the tag, posing a significant security risk to user data. Recommendation...
MediaWiki >= 2.4.2 < 3.3.1 Multiple Vulnerabilities
MediaWiki is prone to multiple vulnerabilities. Note: This VT has been deprecated as it had targeted the wrong product. It is therefore no longer functional. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
Cross-site Scripting
starcitizentools/citizen-skin is vulnerable to arbitrary HTML injection. The vulnerability is due to the system messages in menu headings being inserted as raw HTML without proper sanitization, allowing untrusted users with the editinterface permission to inject arbitrary HTML into the DOM...
Cross-site Scripting (XSS)
starcitizentools/citizen-skin is vulnerable to cross-site scripting (XSS). The vulnerability is due to inadequate output encoding: date messages returned by Language::userDate are inserted directly into raw HTML, allowing users with editinterface rights to inject arbitrary HTML...
HTML Injection
starcitizentools/citizen-skin is vulnerable to HTML injection. The vulnerability is due to unsanitized user-controlled input being directly inserted into raw HTML without proper validation or escaping, allowing an attacker to inject arbitrary HTML into the DOM and potentially perform Cross-Site...
HTML Injection
starcitizentools/citizen-skin is vulnerable to HTML Injection. The vulnerability is due to improper handling and lack of sanitization of user-editable messages that are directly rendered as HTML, allowing an attacker to inject arbitrary HTML into the DOM...
CVE-2025-45661
A cross-site scripting (XSS) vulnerability in miniTCG v1.3.1 beta allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the id parameter at /members/edit.php...
HTML Injection
starcitizentools/citizen-skin is vulnerable to Arbitrary HTML injection. The vulnerability is due to system messages being inserted into the DOM as raw HTML, allowing users with editinterface rights to inject content without needing editsitejs permissions...
TencentOS Server 4: python-twisted (TSSA-2024:1067)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1067 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2025-49578
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...