Stored Cross-site Scripting (XSS)

starcitizentools/citizen-skin is vulnerable to Stored Cross-site Scripting XSS. The vulnerability is due to the Citizen skin inserting short descriptions from the ShortDescription extension as raw HTML, which allows an attacker to inject arbitrary HTML into the DOM by editing a page...