Packagist (Composer) package
starcitizentools/tabber-neue
pkg:composer/starcitizentools/tabber-neue
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-53093 | Hig | 8.6 | >= 3.0.0, < 3.1.1 | 3.1.1 | Jun 27, 2025 | TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTMLinto the DOM by inserting a payload into any allowed attribute of the `` tag. Version 3.1.1 contains a patch fo | |
| CVE-2025-21612 | Hig | 8.6 | >= 1.9.1, < 2.7.2 | 2.7.2 | Jan 6, 2025 | TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2. |
- affected >= 3.0.0, < 3.1.1fixed 3.1.1
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTMLinto the DOM by inserting a payload into any allowed attribute of the `` tag. Version 3.1.1 contains a patch fo
- affected >= 1.9.1, < 2.7.2fixed 2.7.2
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2.