4 matches found
CVE-2025-21612
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2...
CVE-2025-21612 Cross-site Scripting in TabberTransclude in Extension:TabberNeue
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2...
CVE-2025-21612 Cross-site Scripting in TabberTransclude in Extension:TabberNeue
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2...
CVE-2025-21612
creationtimestamp| type| source ---|---|--- 2025-01-04 20:56:13+00:00| published-proof-of-concept| https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/security/advisories/GHSA-4x6x-8rm8-c37j 2025-01-06 15:49:55+00:00| seen|...