Lucene search
+L

16 matches found

RedhatCVE
RedhatCVE
added 2025/07/05 8:4 p.m.14 views

CVE-2025-53368

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, page descriptions are inserted into raw HTML without proper sanitization by the Citizen skin when using the old search bar. Any user with page editing privileges can insert...

8.6CVSS5.3AI score0.00281EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/07/03 12:0 a.m.12 views

PT-2025-27830 · Mediawiki · Mediawiki Citizen Skin

Name of the Vulnerable Software and Affected Versions: Citizen MediaWiki skin versions 1.9.4 through 3.4.0 Description: The Citizen MediaWiki skin has an issue where page descriptions are inserted into raw HTML without proper sanitization when using the old search bar. This allows any user with...

8.6CVSS5.4AI score0.00281EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/07/03 12:0 a.m.7 views

PT-2025-27831 · Mediawiki +1 · Mediawiki Citizen Skin +1

Name of the Vulnerable Software and Affected Versions: Citizen MediaWiki skin versions 1.9.4 through 3.4.0 Description: The Citizen MediaWiki skin has an issue where short descriptions set via the ShortDescription extension are inserted as raw HTML, allowing any user to insert arbitrary HTML into...

8.6CVSS6.2AI score0.003EPSS
Exploits1References11
NVD
NVD
added 2025/06/12 7:15 p.m.10 views

CVE-2025-49578

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...

6.5CVSS0.0035EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/06/12 6:50 p.m.17 views

CVE-2025-49576 Citizen allows stored XSS in search no result messages

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerabilit...

6.5CVSS0.0035EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/06/12 6:50 p.m.12 views

CVE-2025-49578 Citizen allows stored XSS in user registration date message

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...

6.5CVSS6.8AI score0.0035EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/06/12 6:50 p.m.20 views

CVE-2025-49578 Citizen allows stored XSS in user registration date message

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...

6.5CVSS0.0035EPSS
Exploits1References3
CVE
CVE
added 2025/06/12 6:45 p.m.51 views

CVE-2025-49575

The CVE-2025-49575 issue affects the Citizen skin for MediaWiki. The underlying problem is that multiple system messages are inserted into the CommandPaletteFooter as raw HTML, enabling stored HTML injection by users who can edit those messages. This could allow arbitrary HTML execution in the af...

6.5CVSS6.9AI score0.0035EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/06/12 6:45 p.m.17 views

CVE-2025-49577 Citizen allows stored XSS in preference menu headings

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1...

6.5CVSS0.0035EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/06/12 12:0 a.m.10 views

PT-2025-25347 · Citizen · Citizen

Name of the Vulnerable Software and Affected Versions: Citizen versions prior to 3.3.1 Description: The issue affects the Citizen MediaWiki skin, which integrates extensions into a cohesive experience. It allows users with the editinterface right to insert arbitrary HTML into the DOM by editing...

6.5CVSS6.3AI score0.0035EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2025/06/12 12:0 a.m.28 views

PT-2025-25348 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: Citizen versions prior to 3.3.1 Description: The issue affects the Citizen MediaWiki skin, where system messages in menu headings using the Menu.mustache template are inserted as raw HTML. This allows users with the editinterface right to...

6.5CVSS6.3AI score0.00345EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/05/23 10:37 a.m.8 views

CVE-2024-47536

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixed in 2.31.0...

4.8CVSS5.8AI score0.00434EPSS
Exploits1
CVE
CVE
added 2024/09/30 5:9 p.m.60 views

CVE-2024-47536

Citizen is a MediaWiki skin where a vulnerability allows a user with the editmyprivateinfo right (or someone who can modify their own name) to inject XSS by setting the real name to a payload. Affected components: Citizen skin and related user-info handling in includes/Components/CitizenComponent...

5.4CVSS5.7AI score0.00434EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/09/30 5:9 p.m.14 views

CVE-2024-47536 starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixed in 2.31.0...

4.8CVSS6AI score0.00434EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2024/06/03 3:15 p.m.41 views

CVE-2024-36123

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML including Javascript can be injected by someone with the ability to edit the MediaWiki namespace typically those with the editinterface...

6.5CVSS5.9AI score0.00472EPSS
Exploits1References6
OSV
OSV
added 2024/06/03 2:17 p.m.17 views

CVE-2024-36123 Citizen has a Stored Cross-Site Scripting Vulnerability by editing MediaWiki:Tagline

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML including Javascript can be injected by someone with the ability to edit the MediaWiki namespace typically those with the editinterface...

6.5CVSS6.3AI score0.00472EPSS
Exploits1References7
Rows per page
Query Builder