CVE Daily

CVE-2025-21612

TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior t...

High CVSS 8.6

Overview

TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2.

CWE: CWE-79 Published: 2025-01-06T16:15:31.633
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 8.6 (HIGH)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags