Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1.
References
Configurations
History
22 Aug 2025, 18:52
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:starcitizen.tools:citizen:*:*:*:*:*:mediawiki:*:* | |
| First Time |
Starcitizen.tools
Starcitizen.tools citizen |
|
| References | () https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd - Patch | |
| References | () https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/a741639085d70c22a9f49890542a142a223bf981 - Patch | |
| References | () https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-jwr7-992g-68mh - Exploit, Vendor Advisory |
16 Jun 2025, 12:32
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-06-12 19:15
Updated : 2025-08-22 18:52
NVD link : CVE-2025-49577
Mitre link : CVE-2025-49577
CVE.ORG link : CVE-2025-49577
JSON object : View
Products Affected
starcitizen.tools
- citizen
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')