5 matches found
MediaWiki >= 2.4.2 < 3.3.1 Multiple Vulnerabilities
MediaWiki is prone to multiple vulnerabilities. Note: This VT has been deprecated as it had targeted the wrong product. It is therefore no longer functional. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
CVE-2025-49575
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...
CVE-2025-49575 Citizen allows stored XSS in Command Palette tip messages
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...
CVE-2025-49575
The CVE-2025-49575 issue affects the Citizen skin for MediaWiki. The underlying problem is that multiple system messages are inserted into the CommandPaletteFooter as raw HTML, enabling stored HTML injection by users who can edit those messages. This could allow arbitrary HTML execution in the af...
CVE-2025-49575 Citizen allows stored XSS in Command Palette tip messages
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...