CVE-2025-21612
XSS Vulnerability in TabberNeue MediaWiki Extension
Description
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php does not escape the user-supplied page name when outputting it, so an XSS payload supplied as the page name can be used here. This vulnerability is fixed in 2.7.2.
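The bug class described above, shown as an added example that is not TabberNeue's code: a simplified, hypothetical renderer that writes a page name into HTML unescaped, next to the same renderer with output escaping. The function names, the HTML shape and the sample page names are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Simplified model of the bug class, NOT the extension's source.
// All function names and the HTML shape are hypothetical.

/** Vulnerable pattern: the page name is concatenated into HTML as-is. */
function renderTabUnsafe(string $pageName): string
{
    return '<div class="tab" data-page="' . $pageName . '">'
        . 'Loading ' . $pageName . '</div>';
}

/** Hardened pattern: escape at the point of output, for attribute and text. */
function renderTabSafe(string $pageName): string
{
    // ENT_QUOTES escapes both quote styles so the value cannot leave the
    // attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
    // returning an empty string.
    $escaped = htmlspecialchars($pageName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="tab" data-page="' . $escaped . '">'
        . 'Loading ' . $escaped . '</div>';
}

/** Count element start tags a browser would parse from the fragment. */
function countElements(string $html): int
{
    return (int) preg_match_all('/<[a-zA-Z][^>]*>/', $html);
}

// Constructed sample page names: two ordinary titles and one that carries
// harmless markup, to show whether the name is treated as text or as HTML.
$samples = ['Main Page', 'Help:Tabs & "quotes"', '"><b>markup</b>'];

foreach ($samples as $name) {
    // A correct renderer always yields exactly one element (the <div>),
    // whatever the page name contains.
    printf(
        "%-24s unsafe=%d safe=%d\n",
        $name,
        countElements(renderTabUnsafe($name)),
        countElements(renderTabSafe($name))
    );
}
```

Any count above one in the unsafe column means the page name was parsed as markup rather than displayed as text.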
Affected Vendors & Products
Vendor | Product | Version |
---|---|---|
starcitizentools | tabberneue | |
AI Powered Q&A
Generated on: 2025-01-07
Can you explain this vulnerability to me?
This vulnerability is related to a MediaWiki extension called TabberNeue, which allows users to create tabs on a wiki. Before version 2.7.2, it did not properly handle user input for page names, meaning that someone could input harmful code instead of a regular page name. This could lead to a type of attack called XSS (Cross-Site Scripting), where an attacker can execute malicious scripts in the context of a user's browser.
How can this vulnerability impact me?
If you use the TabberNeue extension on your MediaWiki site and have not updated to version 2.7.2 or later, your site could be at risk. An attacker could exploit this vulnerability to run harmful scripts, potentially stealing sensitive information from users or compromising the security of your site.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability could impact compliance with regulations like GDPR and HIPAA because it poses a risk to the security and privacy of user data. If an attacker successfully exploits this vulnerability, they could access personal information or sensitive data, which would violate the principles of data protection and security required by these regulations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the TabberNeue MediaWiki extension to version 2.7.2 or later, as this version includes a fix for the issue.
Meta Information
Date published:
2025-01-06
Date last modified:
2025-01-06
Date generated:
2025-01-15
NVD report: