Количество 2
Количество 2
CVE-2025-49579
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.
GHSA-g3cp-pq72-hjpv
starcitizentools/citizen-skin allows stored XSS in menu heading message
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-49579 Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1. | CVSS3: 6.5 | 0% Низкий | 8 месяцев назад |
| GHSA-g3cp-pq72-hjpv starcitizentools/citizen-skin allows stored XSS in menu heading message | CVSS3: 6.5 | 0% Низкий | 8 месяцев назад |
Уязвимостей на страницу