XSS Vulnerability in TabberNeue MediaWiki Extension by Star Citizen Tools
CVE-2025-21612
What is CVE-2025-21612?
The TabberNeue extension for MediaWiki allows users to create tabbed content. A vulnerability prior to version 2.7.2 exists in the TabberTransclude.php file, where user-controlled page names are not adequately sanitized. This oversight may allow an attacker to inject an XSS payload, potentially leading to unauthorized access or manipulation of user sessions. Users are strongly advised to update to version 2.7.2 or later to mitigate these risks.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
mediawiki-extensions-TabberNeue >= 1.9.1, < 2.7.2 < 1.9.1, 2.7.2
mediawiki-extensions-TabberNeue >= d8c3db4e5935476e496d979fb01f775d3d3282e6, < f229cab099c69006e25d4bad3579954e481dc566 < d8c3db4e5935476e496d979fb01f775d3d3282e6, f229cab099c69006e25d4bad3579954e481dc566
References
CVSS V3.1
Timeline
Vulnerability published