Cross-site Scripting (XSS)

TabberNeue is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization due to the ability of any user to inject arbitrary HTML into the DOM through allowed attributes of the tag...

CVE-2025-53093 TabberNeue vulnerable to Stored XSS through wikitext

TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTMLinto the DOM by inserting a payload into any allowed attribute of the tag. Version 3.1.1 contains a patch for the bug...

TabberNeue 安全漏洞

TabberNeue is an extension to StarCitizen.tools open source. Allows the Wiki to create tabs in pages. A security vulnerability exists in versions prior to TabberNeue 3.1.1 that stems from allowing users to insert arbitrary HTML into the DOM via the tabber tag attribute...

CVE-2025-21612

TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2...

Extension:TabberNeue vulnerable to Cross-site Scripting

Summary There are several sources of arbitrary, unescaped user input being used to construct HTML, which allows any user that can edit pages or otherwise render wikitext to XSS other users. Edit: Only the first XSS can be reproduced in production. Details ✅ Verified and patched in...

PT-2025-4300 · Unknown · Tabberneue

Name of the Vulnerable Software and Affected Versions: TabberNeue versions prior to 2.7.2 Description: The issue arises from unescaped user input being used to construct HTML, allowing any user who can edit pages or render wikitext to perform cross-site scripting XSS attacks on other users...