CVE-2025-45879

A cross-site scripting XSS vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...

CVE-2025-45880

A cross-site scripting XSS vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...

CVE-2025-45878

A cross-site scripting XSS vulnerability in the report manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...

CVE-2025-45878

CVE-2025-45878 is an XSS vulnerability in the report manager function of Miliaris Amigdala v2.2.6. The issue allows an attacker to cause arbitrary HTML to execute in the context of a user’s browser via a crafted payload. The provided metrics indicate a CVSS v3.1 base score of 6.1 (MEDIUM), with n...

CVE-2025-45880

A cross-site scripting XSS vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...

CVE-2025-45879

A cross-site scripting XSS vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...

The vulnerability in the web interface of the risk management platforms IBM OpenPages and IBM OpenPages with Watson allows a hacker to execute arbitrary HTML code.

The vulnerability of the web interface of IBM OpenPages and IBM OpenPages with Watson relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code remotely...

PT-2025-25740 · Unknown · Miliaris Amigdala

Name of the Vulnerable Software and Affected Versions: Miliaris Amigdala version 2.2.6 Description: A cross-site scripting XSS issue in the report manager function allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload. Recommendations: For Miliaris...

CVE-2025-45879

A cross-site scripting XSS vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...

CVE-2025-49579

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group h...

starcitizentools/citizen-skin allows stored XSS in user registration date message

Summary Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details The result of $this-lang-userDate $timestamp, $this-user returns unescaped values, but is inserted as raw HTML by...

GHSA-2V3V-3WHP-953H starcitizentools/citizen-skin allows stored XSS in user registration date message

Summary Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details The result of $this-lang-userDate $timestamp, $this-user returns unescaped values, but is inserted as raw HTML by...

starcitizentools/citizen-skin allows stored XSS in menu heading message

Summary All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details The system messages for menu headings are inserted unescaped into raw HTML:...

starcitizentools/citizen-skin allows stored XSS in preference menu heading messages

Summary Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details The innerHtml of the label div is set to the textContent of the label, essentially unsanitizing the system messages:...

CVE-2025-49578

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...

CVE-2025-49577

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1...

CVE-2025-49579

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group h...

CVE-2025-49576

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerabilit...

CVE-2025-49576 Citizen allows stored XSS in search no result messages

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerabilit...

CVE-2025-49578

Citizen is a MediaWiki skin. CVE-2025-49578 describes an XSS where date messages produced by Language::userDate are inserted into raw HTML, enabling stored XSS on wikis where a user has the editinterface right but not the editsitejs right. The issue affects Citizen versions prior to 3.3.1 and is ...