Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/starcitizentools/tabber-neue@2.7.2

Type composer

Namespace starcitizentools

Name tabber-neue

Version 2.7.2

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.1.1

Latest_non_vulnerable_version 3.1.1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-cb3a-wtdm-8bc1

vulnerability_id VCID-cb3a-wtdm-8bc1

summary

Extension:TabberNeue vulnerable to Cross-site Scripting
There are several sources of arbitrary, unescaped user input being used to construct HTML, which allows any user that can edit pages or otherwise render wikitext to XSS other users.

> Edit: Only the first XSS can be reproduced in production.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-21612

reference_id

reference_type

scores

value	0.00258
scoring_system	epss
scoring_elements	0.49448
published_at	2026-06-06T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49413
published_at	2026-06-09T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49401
published_at	2026-06-08T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.4943
published_at	2026-06-07T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49438
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-21612

reference_url

https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue

reference_url

https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/d8c3db4e5935476e496d979fb01f775d3d3282e6

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-06T16:51:40Z/

url

https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/d8c3db4e5935476e496d979fb01f775d3d3282e6

reference_url

https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/f229cab099c69006e25d4bad3579954e481dc566

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-06T16:51:40Z/

url

https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/commit/f229cab099c69006e25d4bad3579954e481dc566

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-21612

reference_id

CVE-2025-21612

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-21612

reference_url

https://github.com/advisories/GHSA-4x6x-8rm8-c37j

reference_id

GHSA-4x6x-8rm8-c37j

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4x6x-8rm8-c37j

reference_url

https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/security/advisories/GHSA-4x6x-8rm8-c37j

reference_id

GHSA-4x6x-8rm8-c37j

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-06T16:51:40Z/

url

https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/security/advisories/GHSA-4x6x-8rm8-c37j

fixed_packages

url	pkg:composer/starcitizentools/tabber-neue@2.7.2
purl	pkg:composer/starcitizentools/tabber-neue@2.7.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/starcitizentools/tabber-neue@2.7.2

aliases CVE-2025-21612, GHSA-4x6x-8rm8-c37j

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cb3a-wtdm-8bc1

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/starcitizentools/tabber-neue@2.7.2

Package Instance