VYPR

Packagist (Composer) package

starcitizentools/tabber-neue

pkg:composer/starcitizentools/tabber-neue

Vulnerabilities (2)

  • CVE-2025-53093HigJun 27, 2025
    affected >= 3.0.0, < 3.1.1fixed 3.1.1

    TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTMLinto the DOM by inserting a payload into any allowed attribute of the `` tag. Version 3.1.1 contains a patch fo

  • CVE-2025-21612HigJan 6, 2025
    affected >= 1.9.1, < 2.7.2fixed 2.7.2

    TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2.