Starcitizentools Mediawiki-skins-citizen
10 CVEs affecting Starcitizentools Mediawiki-skins-citizen. Latest disclosed: 2025-10-17. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-53370 | High | 8.6 | 2025-07-03 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDes… |
CVE-2025-53368 | High | 8.6 | 2025-07-03 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, page descriptions are inserted into raw… |
CVE-2025-62508 | Medium | 6.5 | 2025-10-17 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in… |
CVE-2025-49579 | Medium | 6.5 | 2025-06-12 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are in… |
CVE-2025-49578 | Medium | 6.5 | 2025-06-12 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by `Language::userDate` are inserted into raw… |
CVE-2025-49577 | Medium | 6.5 | 2025-06-12 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various preferences messages are inserted into raw HTML, allowing anybody wh… |
CVE-2025-49576 | Medium | 6.5 | 2025-06-12 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system… |
CVE-2025-49575 | Medium | 6.5 | 2025-06-12 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw H… |
CVE-2024-36123 | Medium | 6.5 | 2024-06-03 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page `MediaWiki:Tagline` has its contents used unescaped, so custom HTML… |
CVE-2024-47536 | Medium | 5.4 | 2024-09-30 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their na… |