Количество 2
Количество 2
CVE-2025-49575
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.
GHSA-4c2h-67qq-vm87
Citizen skin vulnerable to stored XSS through multiple system messages
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-49575 Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1. | CVSS3: 6.5 | 0% Низкий | 8 месяцев назад |
| GHSA-4c2h-67qq-vm87 Citizen skin vulnerable to stored XSS through multiple system messages | CVSS3: 6.5 | 0% Низкий | 8 месяцев назад |
Уязвимостей на страницу