XSS Vulnerability in TabberNeue MediaWiki Extension by Star Citizen Tools
CVE-2025-21612
8.6HIGH
What is CVE-2025-21612?
The TabberNeue extension for MediaWiki allows users to create tabbed content. A vulnerability prior to version 2.7.2 exists in the TabberTransclude.php file, where user-controlled page names are not adequately sanitized. This oversight may allow an attacker to inject an XSS payload, potentially leading to unauthorized access or manipulation of user sessions. Users are strongly advised to update to version 2.7.2 or later to mitigate these risks.
Affected Version(s)
mediawiki-extensions-TabberNeue >= 1.9.1, < 2.7.2 < 1.9.1, 2.7.2
mediawiki-extensions-TabberNeue >= d8c3db4e5935476e496d979fb01f775d3d3282e6, < f229cab099c69006e25d4bad3579954e481dc566 < d8c3db4e5935476e496d979fb01f775d3d3282e6, f229cab099c69006e25d4bad3579954e481dc566