CVE-2025-49579
CVE-2025-49579 affects the Citizen MediaWiki skin. The vulnerability arises because all system messages in Menu.mustache are inserted as raw HTML, enabling stored XSS when a user with editinterface but lacking editsitejs can edit messages. Affected versions are prior to Citizen 3.3.1, with fixed ...