4 matches found
CVE-2025-49578
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...
CVE-2025-49578
Citizen is a MediaWiki skin. CVE-2025-49578 describes an XSS where date messages produced by Language::userDate are inserted into raw HTML, enabling stored XSS on wikis where a user has the editinterface right but not the editsitejs right. The issue affects Citizen versions prior to 3.3.1 and is ...
CVE-2025-49578 Citizen allows stored XSS in user registration date message
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...
ImportDump 安全漏洞
ImportDump is an open source application from Miraheze. A security vulnerability exists in ImportDump, which stems from the fact that anyone who can edit wiki interface strings can embed cross-site scripting in date messages...