CVE-2025-53093

8.6 HIGH

📋 TL;DR

This vulnerability lets anyone who can edit wiki pages inject arbitrary HTML into the rendered page through the TabberNeue MediaWiki extension, giving stored cross-site scripting (XSS). It affects MediaWiki installations running TabberNeue 3.0.0 through 3.1.0; version 3.1.1 fixes it. The attacker places a payload in an attribute of the tabber tag, the extension writes it into the page unsanitized, and the script then runs in the browser of every visitor to that page.

💻 Affected Systems

Products:
  • TabberNeue MediaWiki extension
Versions: 3.0.0 through 3.1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects MediaWiki installations with TabberNeue extension enabled. The vulnerability is present in default configuration.

Recommended Actions:
  1. Confirm the installed TabberNeue version on Special:Version
  2. If it is 3.0.0 through 3.1.0, update to 3.1.1 or later (see Fix & Mitigation)
  3. Review the CVE details at NVD and the vendor's fix commit for your specific version
  4. If you cannot update promptly, apply one of the workarounds below

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete account takeover, session hijacking, credential theft, and malware distribution to all users visiting affected pages.

🟠

Likely Case

Session hijacking, credential theft, and defacement of wiki pages through client-side script execution.

🟢

If Mitigated

Limited impact if a Content Security Policy (CSP) blocks inline scripts and untrusted script sources. CSP contains script execution only: injected HTML can still deface pages or plant phishing markup, so treat CSP as a mitigation rather than a fix.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes (on wikis that allow anonymous editing)
Complexity: LOW

Exploitation requires only basic web knowledge to craft an HTML payload in a tabber tag attribute. The attacker needs nothing beyond the right to edit a page: on wikis that allow anonymous editing that means no account at all; on wikis that require login, any account with edit rights suffices.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.1.1

Vendor Fix Commit: https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/4cdf217ef96da74a1503d1dd0bb0ed898fc2a612

Restart Required: No

Instructions:

1. Update the TabberNeue extension to version 3.1.1 or later (replace the contents of extensions/TabberNeue with the new release, via git or a release archive).
2. Purge the parser cache (for example with the purgeParserCache.php maintenance script) so that page HTML rendered by the vulnerable version is regenerated instead of being served from cache.
3. Verify the fix by confirming the new version on Special:Version.

🔧 Temporary Workarounds

Disable TabberNeue Extension

Platform: all

Temporarily disable the TabberNeue extension to prevent exploitation.

Edit LocalSettings.php and comment out or remove: wfLoadExtension('TabberNeue');

Implement Strict Content Security Policy

Platform: all

Configure CSP headers to block inline scripts and untrusted script sources.

Add to web server config: Content-Security-Policy: default-src 'self'; script-src 'self'

Caveat: MediaWiki's ResourceLoader embeds inline scripts in every page, so a blanket script-src 'self' set at the web server will break normal page loads. Roll any policy out in report-only mode first (Content-Security-Policy-Report-Only), and consider MediaWiki's built-in CSP support ($wgCSPHeader and $wgCSPReportOnlyHeader in LocalSettings.php), whose generated policy is built around what core needs.

🧯 If You Can't Patch

  • Restrict page editing permissions to trusted users only
  • Implement web application firewall (WAF) rules to block HTML injection patterns
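One way to apply the workarounds above in LocalSettings.php, as an added example that is not part of the advisory or of TabberNeue. The group name trusted is an assumption chosen for illustration; $wgGroupPermissions, $wgCSPHeader and $wgCSPReportOnlyHeader are MediaWiki core settings.

```php
<?php
// Added example for LocalSettings.php (not from the advisory or TabberNeue).
// Interim hardening while a TabberNeue release earlier than 3.1.1 is installed.
// Group names other than MediaWiki's built-in '*', 'user' and 'sysop' are
// assumptions for illustration.

// Workaround A: stop loading the extension. Existing <tabber> markup renders
// as plain text until this line is restored after the update.
// wfLoadExtension( 'TabberNeue' );

// Workaround B: keep the extension but shrink who can reach the bug.
// Permissions are additive across a user's groups, so revoke 'edit' from the
// implicit groups and grant it back only to groups you trust.
$wgGroupPermissions['*']['edit'] = false;        // anonymous visitors
$wgGroupPermissions['user']['edit'] = false;     // every logged-in account
$wgGroupPermissions['sysop']['edit'] = true;     // administrators
$wgGroupPermissions['trusted']['edit'] = true;   // assumed custom group, assigned via Special:UserRights

// Defence in depth: let MediaWiki emit the Content-Security-Policy instead of
// hand-writing "script-src 'self'" at the web server, which breaks MediaWiki's
// inline ResourceLoader scripts. Start in report-only mode, watch the browser
// console and CSP reports for breakage, then switch to the enforcing header.
$wgCSPReportOnlyHeader = true;   // emits Content-Security-Policy-Report-Only
// $wgCSPHeader = true;          // emits the enforcing header once tested
```

Restricting edit rights stops new payloads; it does nothing about tabber attributes already saved in page text, so pair it with the content scan under Detection & Monitoring and clean up any page it flags.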

🔍 How to Verify

Check if Vulnerable:

Check TabberNeue extension version in MediaWiki's Special:Version page or extension directory.

Check Version:

Check MediaWiki's Special:Version page, or read the version field in extensions/TabberNeue/extension.json (the extension declares its version there, not in a PHP file header).

Verify Fix Applied:

Verify extension version is 3.1.1 or later and test that HTML injection in tabber attributes is properly sanitized.
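The version check described in the fix instructions and in the verification steps above, written out as a runnable script. This is an added example, not code from the advisory or from TabberNeue; it assumes the extension lives under extensions/TabberNeue and declares its version in extension.json (the standard MediaWiki layout), and the script name check-tabberneue.php is made up.

```php
<?php
// Added example, not part of TabberNeue or this advisory. Reads the
// extension's extension.json and reports whether the installed version
// falls in the affected range (3.0.0 <= version < 3.1.1).

const TABBERNEUE_FIRST_VULNERABLE = '3.0.0';
const TABBERNEUE_FIXED = '3.1.1';

/**
 * True when a TabberNeue version string is inside the vulnerable range.
 * version_compare() understands dotted versions and pre-release suffixes
 * such as "-beta", which sort below the plain release they precede.
 */
function tabberneueIsVulnerable( string $version ): bool {
	return version_compare( $version, TABBERNEUE_FIRST_VULNERABLE, '>=' )
		&& version_compare( $version, TABBERNEUE_FIXED, '<' );
}

/**
 * Read the "version" field from extension.json in the given directory.
 * The directory is assumed to be $IP/extensions/TabberNeue.
 */
function tabberneueInstalledVersion( string $extensionDir ): ?string {
	$file = rtrim( $extensionDir, '/' ) . '/extension.json';
	if ( !is_readable( $file ) ) {
		return null;
	}
	$data = json_decode( (string)file_get_contents( $file ), true );
	return ( is_array( $data ) && isset( $data['version'] ) ) ? (string)$data['version'] : null;
}

// Usage: php check-tabberneue.php /var/www/mediawiki/extensions/TabberNeue
// Exit status: 0 = not in affected range, 1 = vulnerable, 2 = could not determine.
if ( PHP_SAPI === 'cli' && isset( $argv[1] ) ) {
	$version = tabberneueInstalledVersion( $argv[1] );
	if ( $version === null ) {
		fwrite( STDERR, "extension.json not found or has no version field\n" );
		exit( 2 );
	}
	$vulnerable = tabberneueIsVulnerable( $version );
	echo "TabberNeue $version: " . ( $vulnerable ? 'VULNERABLE (CVE-2025-53093)' : 'not in affected range' ) . "\n";
	exit( $vulnerable ? 1 : 0 );
}
```

A version string alone does not prove the code on disk matches: if the extension was patched by hand or checked out from a branch, also confirm that the fix commit listed above is present in the extension's git history.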

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTML patterns in page edit logs
  • Multiple failed edit attempts with script tags
  • User reports of unexpected page behavior

Network Indicators:

  • HTTP requests containing suspicious HTML payloads in POST parameters
  • Outbound connections to unknown domains from wiki pages

SIEM Query:

source="mediawiki_logs" AND ("<script" OR "javascript:" OR "onload=" OR "onerror=") AND "tabber"

This is a Splunk-style search over whatever log source carries edit content or request bodies; adapt the source and field names to your SIEM. Match on decoded text where you can: a payload delivered through a tag attribute can arrive with its angle brackets and quotes written as character references (&lt;, &quot;), which a plain substring search for "<script" will miss.
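A content-level check that complements the SIEM query above, scanning edit text for tabber tags whose attributes carry markup or event handlers. This is an added example, not from the advisory, TabberNeue or any SIEM vendor; the sample revisions are constructed, and the heuristics are an assumption about what a payload for this bug looks like, based only on the advisory's description (HTML delivered through an allowed attribute of the tabber tag).

```php
<?php
// Added example; not part of the advisory, TabberNeue, or any SIEM product.
// Scans wikitext (new revision content, or text dumped from the page table)
// for <tabber> opening tags whose attribute string contains markup, an event
// handler, or a javascript: URL. The patterns are an assumption about payload
// shape, not a signature published by the vendor.

/**
 * Return one finding per suspicious <tabber> opening tag:
 * [ 'offset' => int, 'tag' => string, 'reason' => string ].
 */
function findSuspiciousTabberTags( string $wikitext ): array {
	$findings = [];
	// Capture each opening tag together with its raw attribute string.
	preg_match_all( '/<tabber\b([^>]*)>/i', $wikitext, $matches, PREG_SET_ORDER | PREG_OFFSET_CAPTURE );
	foreach ( $matches as $m ) {
		[ $fullTag, $offset ] = $m[0];
		$rawAttrs = $m[1][0];
		// MediaWiki decodes character references in tag attributes before an
		// extension sees them, so inspect the decoded form rather than the raw one.
		$decoded = html_entity_decode( $rawAttrs, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
		$reason = null;
		if ( preg_match( '/[<>]/', $decoded ) ) {
			$reason = 'angle bracket inside tabber attribute';
		} elseif ( preg_match( '/\bon[a-z]+\s*=/i', $decoded ) ) {
			$reason = 'event-handler attribute on tabber tag';
		} elseif ( preg_match( '/javascript\s*:/i', $decoded ) ) {
			$reason = 'javascript: URL in tabber attribute';
		}
		if ( $reason !== null ) {
			$findings[] = [ 'offset' => $offset, 'tag' => $fullTag, 'reason' => $reason ];
		}
	}
	return $findings;
}

// Constructed sample revisions (not real wiki content), run through the scanner.
$samples = [
	'benign'      => "<tabber>\n|-|First tab=\nPlain content\n|-|Second tab=\nMore content\n</tabber>",
	'benign-attr' => "<tabber class=\"infobox-tabs\">\n|-|Tab=\nText\n</tabber>",
	'handler'     => "<tabber class=\"x&quot; onmouseover=&quot;alert(1)\">\n|-|Tab=\nText\n</tabber>",
	'markup'      => "<tabber title=\"&lt;img src=x onerror=alert(1)&gt;\">\n|-|Tab=\nText\n</tabber>",
];
foreach ( $samples as $label => $text ) {
	$findings = findSuspiciousTabberTags( $text );
	printf( "%-12s %s\n", $label, $findings ? $findings[0]['reason'] : 'clean' );
}
```

Run it over the text of recent revisions (or over a dump of pages containing "<tabber") to find payloads that were stored before the patch; those pages stay dangerous to visitors until the injected markup is removed or the fixed version re-renders them.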
