2 matches found
CVE-2025-62508 Citizen vulnerable to stored XSS in sticky header button messages
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element’s...
Citizen 跨站脚本漏洞
Citizen is a beautiful, easy-to-use and responsive MediaWiki skin from the Star Citizen Wiki team. A cross-site scripting vulnerability exists in Citizen versions 3.3.0 through 3.9.0, which stems from improper handling of the copyButtonAttributes function in stickyHeader.js, which could lead to a...