Cross-site Scripting (XSS)

starcitizentools/citizen-skin is vulnerable to cross-site scripting XSS. The vulnerability is due to inadequate output encoding due to date messages returned by Language::userDate being directly inserted into raw HTML, allowing users with editinterface rights to inject arbitrary HTML...