CVE-2025-21612

HIGH Year: 2025
CVSS v3 Score
8.6
High
Weakness Type
CWE-79
View all →

Vulnerability Description

TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2.

Related Vulnerabilities

CVE-2017-9062

HIGH
CVSS:8.6(High)

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.

CWE-792017

CVE-2019-13538

HIGH
CVSS:8.6(High)

3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the cont...

CWE-792019

CVE-2022-0501

HIGH
CVSS:8.6(High)

Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstalk_console prior to 1.7.12.

CWE-792022

CVE-2022-2065

HIGH
CVSS:8.6(High)

Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06.

CWE-792022

CVE-2022-4841

HIGH
CVSS:8.6(High)

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.

CWE-792022

CVE-2023-0309

HIGH
CVSS:8.6(High)

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

CWE-792023