3 matches found
CVE-2025-53370 Citizen stored XSS vulnerability through short descriptions
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page...
CVE-2025-53370 Citizen stored XSS vulnerability through short descriptions
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page...
CVE-2025-53370
CVE-2025-53370 concerns the Citizen MediaWiki skin. Versions 1.9.4 up to 3.3.9 expose a stored XSS via the ShortDescription extension: the shortdesc is inserted into the DOM as raw HTML, enabling arbitrary HTML/JS execution by page edits. A patch exists in version 3.4.0. Public references and adv...