Lucene search
+L

6 matches found

OpenVAS
OpenVAS
added 2025/06/20 12:0 a.m.5 views

MediaWiki >= 3.3.0 < 3.3.1 XSS Vulnerability

MediaWiki is prone to a cross-site scripting XSS vulnerability. Note: This VT has been deprecated as it had targeted the wrong product. It is therefore no longer functional. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

6.5CVSS6.1AI score0.0035EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/14 7:21 p.m.7 views

CVE-2025-49578

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...

6.5CVSS6.2AI score0.0035EPSS
Exploits1References1
NVD
NVD
added 2025/06/12 7:15 p.m.10 views

CVE-2025-49578

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...

6.5CVSS0.0035EPSS
Exploits1References3
CVE
CVE
added 2025/06/12 6:50 p.m.54 views

CVE-2025-49578

Citizen is a MediaWiki skin. CVE-2025-49578 describes an XSS where date messages produced by Language::userDate are inserted into raw HTML, enabling stored XSS on wikis where a user has the editinterface right but not the editsitejs right. The issue affects Citizen versions prior to 3.3.1 and is ...

6.5CVSS6.3AI score0.0035EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/12 6:50 p.m.12 views

CVE-2025-49578 Citizen allows stored XSS in user registration date message

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...

6.5CVSS6.8AI score0.0035EPSS
Exploits1References3
OSV
OSV
added 2025/06/12 6:50 p.m.9 views

CVE-2025-49578 Citizen allows stored XSS in user registration date message

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...

6.5CVSS6.5AI score0.0035EPSS
Exploits1References5
Rows per page
Query Builder