CVE-2025-21612 – TabberNeue Cross-Site Scripting

CVE ID : CVE-2025-21612

Published : Jan. 6, 2025, 4:15 p.m. | 1 hour, 2 minutes ago

Description : TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn’t escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-21612 – TabberNeue Cross-Site Scripting