10 matches found
CVE-2025-62508
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen versions 3.3.0 through 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element's...
CVE-2025-62508 Citizen vulnerable to stored XSS in sticky header button messages
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen versions 3.3.0 through 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element's...
EUVD-2024-22469
Malicious code in bioql PyPI...
EUVD-2024-22470
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the userDate function. An attacker can inject arbitrary HTML into the DOM by editing interface messages that are rendered as raw HTML. This is only exploitable if a user has the editinterface right but not t...
CVE-2025-49579 Citizen allows stored XSS in menu heading message
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group h...
Citizen skin vulnerable to stored XSS through multiple system messages
Summary Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details The messages are retrieved using the plain output mode:...
PT-2024-21993 · Flycms · Flycms
Name of the Vulnerable Software and Affected Versions: FlyCms version 1.0 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. It affects the "/system/share/ztree category edit" API endpoint. Recommendations: For FlyCms version 1.0, as a temporary workaround,...
PT-2024-20753 · Mediawiki · Managewiki
Name of the Vulnerable Software and Affected Versions: ManageWiki affected versions not specified Description: ManageWiki is a MediaWiki extension that allows users to manage wikis. The issue arises because Special:ManageWiki does not properly escape interface messages on the columns and help key...
PT-2023-6864 · Netgate · Pfsense
Name of the Vulnerable Software and Affected Versions: Netgate pfSense version 2.7.0 Description: An issue in Netgate pfSense allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. This is due to the lack of...