EUVD-2025-19907

Malicious code in bioql PyPI...

GHSA-PRMV-7R8C-794G Citizen vulnerable to Stored XSS through short descriptions

Summary Short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page. Details The shortdesc property, which contains unsanitized user input, is retrieved from the OutputPage and...

CVE-2025-53370

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page...

PT-2025-27831 · Mediawiki +1 · Mediawiki Citizen Skin +1

Name of the Vulnerable Software and Affected Versions: Citizen MediaWiki skin versions 1.9.4 through 3.4.0 Description: The Citizen MediaWiki skin has an issue where short descriptions set via the ShortDescription extension are inserted as raw HTML, allowing any user to insert arbitrary HTML into...

CVE-2022-21710 Cross-site Scripting in ShortDescription extension

ShortDescription is a MediaWiki extension that provides local short description support. A cross-site scripting XSS vulnerability exists in versions prior to 2.3.4. On a wiki that has the ShortDescription enabled, XSS can be triggered on any page or the page with the action=info parameter, which...