
We found results for “”
CVE-2025-49578
Good to know:

Date: June 12, 2025
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by "Language::userDate" are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the "editinterface" but not the "editsitejs" user right. This vulnerability is fixed in 3.3.1.
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79Top Fix

Upgrade Version
Upgrade to version https://github.com/StarCitizenTools/mediawiki-skins-Citizen.git - v3.3.1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | HIGH |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | NONE |