57 matches found
CVE-2025-61657
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from before 1.43.4, 1.44.1...
CVE-2025-61657
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from before 1.43.4, 1.44.1...
UBUNTU-CVE-2025-61657
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from before 1.43.4, 1.44.1...
CVE-2025-61657
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from before 1.43.4, 1.44.1...
CVE-2025-61657
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from before 1.43.4, 1.44.1...
EUVD-2025-206653
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from before 1.43.4, 1.44.1...
Stored Cross Site Scripting (XSS)
starcitizentools/citizen-skin is vulnerable to Stored Cross Site Scripting XSS. The vulnerability is due to improper handling of system message content in the sticky header, where innerHTML is assigned from user-editable message text, which allows an attacker with interface message edit privilege...
Malicious code in epic-sticky-header (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3f93b024d2bd95af1da3143d362d13057affff884e7980d67172e292296b68a The package epic-sticky-header was found to contain malicious code...
EUVD-2025-37100
Malicious code in epic-sticky-header npm...
MAL-2025-49193 Malicious code in epic-sticky-header (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3f93b024d2bd95af1da3143d362d13057affff884e7980d67172e292296b68a The package epic-sticky-header was found to contain malicious code...
GHSA-G955-VW6W-V6PP Citizen vulnerable to stored XSS in sticky header button messages
Summary The JS implementation for copying button labels to the sticky header in the Citizen skin unescapes HTML characters, allowing for stored XSS through system messages. Details In the copyButtonAttributes function in stickyHeader.js, when copying the button labels, the innerHTML of the new...
EUVD-2025-34930
Citizen vulnerable to stored XSS in sticky header button messages...
Citizen vulnerable to stored XSS in sticky header button messages
Summary The JS implementation for copying button labels to the sticky header in the Citizen skin unescapes HTML characters, allowing for stored XSS through system messages. Details In the copyButtonAttributes function in stickyHeader.js, when copying the button labels, the innerHTML of the new...
CVE-2025-62508
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element’s...
CVE-2025-62508
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element’s...
CVE-2025-62508 Citizen vulnerable to stored XSS in sticky header button messages
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element’s...
CVE-2025-62508 Citizen vulnerable to stored XSS in sticky header button messages
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element’s...
CVE-2025-62508 Citizen vulnerable to stored XSS in sticky header button messages
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element’s...
CVE-2025-62508
CVE-2025-62508 affects the Citizen MediaWiki skin (versions 3.3.0–3.9.0). The issue is a stored XSS in the sticky header: in stickyHeader.js, copyButtonAttributes assigns innerHTML from the source element’s textContent, causing system messages (citizen-share, citizen-view-history, citizen-view-ed...
Citizen 跨站脚本漏洞
Citizen is a beautiful, easy-to-use and responsive MediaWiki skin from the Star Citizen Wiki team. A cross-site scripting vulnerability exists in Citizen versions 3.3.0 through 3.9.0, which stems from improper handling of the copyButtonAttributes function in stickyHeader.js, which could lead to a...