VYPR
Get started
← All advisories
High severity8.6NVD Advisory· Published Jan 6, 2025· Updated Apr 15, 2026

CVE-2025-21612

CVE-2025-21612

Description

TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
starcitizentools/tabber-neuePackagist
>= 1.9.1, < 2.7.22.7.2

Patches

2
d8c3db4e5935
https://github.com/starcitizentools/mediawiki-extensions-tabberneuevia osv
f229cab099c6
https://github.com/starcitizentools/mediawiki-extensions-tabberneuevia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5

News mentions

0

No linked articles in our index yet.