Description

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.

INFO

Published Date :

2025-06-12T18:50:44.360Z

Last Modified :

2025-06-12T19:16:43.720Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-49579 vulnerability.

Vendors Products
Mediawiki
  • Mediawiki
Starcitizen.tools
  • Citizen
Starcitizentools
  • Mediawiki-skins-citizen
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-49579.

URL Resource
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/54c8717d45ce1594918f11cb9ce5d0ccd8dfee65 cve-icon cve-icon
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd cve-icon cve-icon
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-g3cp-pq72-hjpv cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact