127 matches found
CVE-2025-53835 XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks...
Stored Cross-site Scripting (XSS)
starcitizentools/citizen-skin is vulnerable to Stored Cross-site Scripting XSS. The vulnerability is due to the Citizen skin inserting short descriptions from the ShortDescription extension as raw HTML, which allows an attacker to inject arbitrary HTML into the DOM by editing a page...
Citizen vulnerable to Stored XSS through short descriptions
Summary Short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page. Details The shortdesc property, which contains unsanitized user input, is retrieved from the OutputPage and...
Cross-site Scripting (XSS)
starcitizentools/citizen-skin is vulnerable to cross-site scripting XSS. The vulnerability is due to inadequate output encoding due to date messages returned by Language::userDate being directly inserted into raw HTML, allowing users with editinterface rights to inject arbitrary HTML...
XWiki does not require right warnings for notification displayer objects
Impact When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing XSS attacks. While the notification...
CVE-2025-49587
XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing X...
CVE-2025-49587 XWiki does not require right warnings for notification displayer objects
XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing X...
CVE-2025-49587 XWiki does not require right warnings for notification displayer objects
XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing X...
GHSA-G3CP-PQ72-HJPV starcitizentools/citizen-skin allows stored XSS in menu heading message
Summary All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details The system messages for menu headings are inserted unescaped into raw HTML:...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Menu.mustache template. An attacker can execute arbitrary HTML or JavaScript code in the context of the user's browser by editing system messages for menu headings that are inserted as raw HTML. This is...
starcitizentools/citizen-skin allows stored XSS in menu heading message
Summary All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details The system messages for menu headings are inserted unescaped into raw HTML:...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the citizen-search-noresults-title and citizen-search-noresults-desc system messages being inserted as raw HTML. An attacker can execute arbitrary HTML or JavaScript code in the context of users who view the...
starcitizentools/citizen-skin allows stored XSS in search no result messages
Summary The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details The system messages are inserted as raw HTML by the mustache template:...
CVE-2025-49576 Citizen allows stored XSS in search no result messages
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerabilit...
CVE-2025-49579 Citizen allows stored XSS in menu heading message
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group h...
Citizen 跨站脚本漏洞
Citizen is a beautiful, easy-to-use and responsive MediaWiki skin from the Star Citizen Wiki team. A cross-site scripting vulnerability exists in Citizen versions prior to 3.3.1, which stems from the insertion of a date message returned by Language::userDate into raw HTML, which could lead to...
GHSA-4C2H-67QQ-VM87 Citizen skin vulnerable to stored XSS through multiple system messages
Summary Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details The messages are retrieved using the plain output mode:...
Citizen skin vulnerable to stored XSS through multiple system messages
Summary Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details The messages are retrieved using the plain output mode:...
CVE-2025-30210
CVE-2025-30210 affects Bruno (open source IDE for APIs). Prior to version 1.39.1, Bruno’s custom tooltip components used react-tooltip to render environment names as raw HTML, allowing injection of inline scripts into the DOM when a user hovers the environment name. The attack surface is limited ...
CVE-2025-25287 Lakeus vulnerable to stored XSS via system messages
Lakeus is a simple skin made for MediaWiki. Starting in version 1.0.8 and prior to versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0, Lakeus is vulnerable to store cross-site scripting via malicious system messages, though editing the messages requires high privileges. Those with editinterface...