22 matches found
EUVD-2025-0009
Malicious code in bioql PyPI...
EUVD-2025-19418
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
TabberNeue is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization due to the ability of any user to inject arbitrary HTML into the DOM through allowed attributes of the tag...
CVE-2025-53093
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTMLinto the DOM by inserting a payload into any allowed attribute of the tag. Version 3.1.1 contains a patch for the bug...
GHSA-JFJ7-249R-7J2M TabberNeue vulnerable to Stored XSS through wikitext
Summary Arbitrary HTML can be inserted into the DOM by inserting a payload into any allowed attribute of the tag. Details The args provided within the wikitext as attributes to the tag are passed to the TabberComponentTabs class:...
TabberNeue vulnerable to Stored XSS through wikitext
Summary Arbitrary HTML can be inserted into the DOM by inserting a payload into any allowed attribute of the tag. Details The args provided within the wikitext as attributes to the tag are passed to the TabberComponentTabs class:...
CVE-2025-53093
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTMLinto the DOM by inserting a payload into any allowed attribute of the tag. Version 3.1.1 contains a patch for the bug...
CVE-2025-53093 TabberNeue vulnerable to Stored XSS through wikitext
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTMLinto the DOM by inserting a payload into any allowed attribute of the tag. Version 3.1.1 contains a patch for the bug...
CVE-2025-53093 TabberNeue vulnerable to Stored XSS through wikitext
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTMLinto the DOM by inserting a payload into any allowed attribute of the tag. Version 3.1.1 contains a patch for the bug...
CVE-2025-53093 TabberNeue vulnerable to Stored XSS through wikitext
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTMLinto the DOM by inserting a payload into any allowed attribute of the tag. Version 3.1.1 contains a patch for the bug...
CVE-2025-53093
CVE-2025-53093 concerns the TabberNeue MediaWiki extension. Prior to 3.1.1, any user could inject arbitrary HTML into the DOM by placing payloads in allowed attributes of the tag, enabling potential stored XSS. The issue stems from insufficient sanitization of attribute values being inserted int...
TabberNeue 安全漏洞
TabberNeue is an extension to StarCitizen.tools open source. Allows the Wiki to create tabs in pages. A security vulnerability exists in versions prior to TabberNeue 3.1.1 that stems from allowing users to insert arbitrary HTML into the DOM via the tabber tag attribute...
PT-2025-27250 · Unknown · Tabberneue
Name of the Vulnerable Software and Affected Versions: TabberNeue versions 3.0.0 through 3.1.0 Description: The issue allows any user to insert arbitrary HTML into the DOM by inserting a payload into any allowed attribute of the tag, posing a significant security risk to user data. Recommendation...
CVE-2025-21612
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2...
Cross-site Scripting (XSS)
TabberNeue is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper escaping of user-supplied page names in TabberTransclude.php, allowing an XSS payload to be injected as the page name...
CVE-2025-21612
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2...
Extension:TabberNeue vulnerable to Cross-site Scripting
Summary There are several sources of arbitrary, unescaped user input being used to construct HTML, which allows any user that can edit pages or otherwise render wikitext to XSS other users. Edit: Only the first XSS can be reproduced in production. Details ✅ Verified and patched in...
CVE-2025-21612 Cross-site Scripting in TabberTransclude in Extension:TabberNeue
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2...
CVE-2025-21612 Cross-site Scripting in TabberTransclude in Extension:TabberNeue
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2...
CVE-2025-21612 Cross-site Scripting in TabberTransclude in Extension:TabberNeue
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2...