CNNVD-202506-3592 Information
CNNVD ID
CNNVD-202506-3592
Related CVE
- CNNVD Published: 2025-06-27
Description (Chinese)
TabberNeue是StarCitizen.tools开源的一个扩展。允许 Wiki 在页面中创建选项卡。 TabberNeue 3.1.1之前版本存在安全漏洞,该漏洞源于允许用户通过tabber标签属性插入任意HTML到DOM。
Description (English)
TabberNeue is an extension of the StarCitizen.tools open source. Allows Wiki to create tabs on the page. The previous version of TabberNeue 3.1.1 had a security loophole, which stemmed from allowing users to insert any HTML to DOM through the Tabber label properties.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Stargate Rewritten
Published
2025-06-27
Last Modified
2026-02-24
References
https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/blob/3a23b703ce36cfc4128e7921841f68230be4059a/includes/Components/TabberComponentTabs.php#L15-L31 https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/blob/3a23b703ce36cfc4128e7921841f68230be4059a/includes/Tabber.php#L76 https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/blob/3a23b703ce36cfc4128e7921841f68230be4059a/includes/templates/Tabs.mustache#L1 https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/4cdf217ef96da74a1503d1dd0bb0ed898fc2a612 https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/62ce0fcdf32bd3cfa77f92ff6b940459a14315fa https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/security/advisories/GHSA-jfj7-249r-7j2m https://access.redhat.com/security/cve/cve-2025-53093
Patch
https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/releases
Share on: