Description

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1.

INFO

Published Date :

2025-06-12T18:50:55.931Z

Last Modified :

2025-06-12T19:05:48.122Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-49576 vulnerability.

Vendors Products
Starcitizen.tools
  • Citizen
Starcitizentools
  • Mediawiki-skins-citizen
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-49576.

URL Resource
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd cve-icon cve-icon
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/a0296afaedbe1a277337a2d8f1da83cb3a79b9ab cve-icon cve-icon
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-86xf-2mgp-gv3g cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact