Description

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by `Language::userDate` are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.

INFO

Published Date :

2025-06-12T18:50:49.300Z

Last Modified :

2025-06-12T19:12:17.575Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-49578 vulnerability.

Vendors Products
Starcitizen.tools
  • Citizen
Starcitizentools
  • Mediawiki-skins-citizen
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-49578.

URL Resource
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/64cb5d7ab3a6dc0381fae54b31e8fc4afadc8beb cve-icon cve-icon
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd cve-icon cve-icon
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-2v3v-3whp-953h cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact