Description

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.

INFO

Published Date :

2025-06-12T18:45:23.363Z

Last Modified :

2025-06-12T18:58:25.445Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-49575 vulnerability.

Vendors Products
Starcitizen.tools
  • Citizen
Starcitizentools
  • Mediawiki-skins-citizen
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-49575.

URL Resource
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/4fa69e1d062dca7e407cc0530cf1da3e2baaf0b5 cve-icon cve-icon
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd cve-icon cve-icon
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-4c2h-67qq-vm87 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact