Vulnerability Description
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTMLinto the DOM by inserting a payload into any allowed attribute of the `<tabber>` tag. Version 3.1.1 contains a patch for the bug.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/blob/3a23b70
- https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/blob/3a23b70
- https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/blob/3a23b70
- https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/4cdf2
- https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/62ce0
- https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/security/adv
FAQ
What is CVE-2025-53093?
CVE-2025-53093 is a vulnerability with a CVSS score of 8.6 (HIGH). TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTMLinto the DOM by inserting a payload int...
How severe is CVE-2025-53093?
CVE-2025-53093 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-53093?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.