CVE-2025-49578 (GCVE-0-2025-49578)
Vulnerability from cvelistv5
Published
2025-06-12 18:50
Modified
2025-06-12 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by `Language::userDate` are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| StarCitizenTools | mediawiki-skins-Citizen |
Version: >= 64cb5d7ab3a6dc0381fae54b31e8fc4afadc8beb, < 93c36ac778397e0e7c46cf7adb1e5d848265f1bd Version: >= 3.3.0, < 3.3.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49578",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T19:11:37.150490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T19:12:17.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mediawiki-skins-Citizen",
"vendor": "StarCitizenTools",
"versions": [
{
"status": "affected",
"version": "\u003e= 64cb5d7ab3a6dc0381fae54b31e8fc4afadc8beb, \u003c 93c36ac778397e0e7c46cf7adb1e5d848265f1bd"
},
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 3.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by `Language::userDate` are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T18:50:49.300Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-2v3v-3whp-953h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-2v3v-3whp-953h"
},
{
"name": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/64cb5d7ab3a6dc0381fae54b31e8fc4afadc8beb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/64cb5d7ab3a6dc0381fae54b31e8fc4afadc8beb"
},
{
"name": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd"
}
],
"source": {
"advisory": "GHSA-2v3v-3whp-953h",
"discovery": "UNKNOWN"
},
"title": "Citizen allows stored XSS in user registration date message"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49578",
"datePublished": "2025-06-12T18:50:49.300Z",
"dateReserved": "2025-06-06T15:44:21.555Z",
"dateUpdated": "2025-06-12T19:12:17.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-49578\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-06-12T19:15:20.610\",\"lastModified\":\"2025-08-22T18:48:29.597\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by `Language::userDate` are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.\"},{\"lang\":\"es\",\"value\":\"Citizen es una interfaz de MediaWiki que integra las extensiones en la experiencia cohesiva. Varios mensajes de fecha devueltos por `Language::userDate` se insertan en HTML sin formato, lo que permite que cualquiera que pueda editarlos inserte HTML arbitrario en el DOM. Esto afecta a las wikis donde un grupo tiene el permiso de usuario `editinterface` pero no el de `editsitejs`. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 3.3.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:starcitizen.tools:citizen:*:*:*:*:*:mediawiki:*:*\",\"versionEndExcluding\":\"3.3.1\",\"matchCriteriaId\":\"02337D0B-F229-4068-85B2-AB0A2C13C77E\"}]}]}],\"references\":[{\"url\":\"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/64cb5d7ab3a6dc0381fae54b31e8fc4afadc8beb\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-2v3v-3whp-953h\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-49578\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-12T19:11:37.150490Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-12T19:11:40.964Z\"}}], \"cna\": {\"title\": \"Citizen allows stored XSS in user registration date message\", \"source\": {\"advisory\": \"GHSA-2v3v-3whp-953h\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"StarCitizenTools\", \"product\": \"mediawiki-skins-Citizen\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 64cb5d7ab3a6dc0381fae54b31e8fc4afadc8beb, \u003c 93c36ac778397e0e7c46cf7adb1e5d848265f1bd\"}, {\"status\": \"affected\", \"version\": \"\u003e= 3.3.0, \u003c 3.3.1\"}]}], \"references\": [{\"url\": \"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-2v3v-3whp-953h\", \"name\": \"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-2v3v-3whp-953h\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/64cb5d7ab3a6dc0381fae54b31e8fc4afadc8beb\", \"name\": \"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/64cb5d7ab3a6dc0381fae54b31e8fc4afadc8beb\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd\", \"name\": \"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by `Language::userDate` are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-06-12T18:50:49.300Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-49578\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-12T19:12:17.575Z\", \"dateReserved\": \"2025-06-06T15:44:21.555Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-06-12T18:50:49.300Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
wid-sec-w-2025-1525
Vulnerability from csaf_certbund
Published
2025-07-09 22:00
Modified
2025-07-23 22:00
Summary
MediaWiki Extensions und Skins: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
MediaWiki ist ein freies Wiki, das ursprünglich für den Einsatz auf Wikipedia entwickelt wurde.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um SQL-Injection- und XSS-Angriffe durchzuführen, Sicherheitsmechanismen zu umgehen, vertrauliche Informationen offenzulegen oder sich unbefugt höhere Berechtigungen zu verschaffen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "MediaWiki ist ein freies Wiki, das urspr\u00fcnglich f\u00fcr den Einsatz auf Wikipedia entwickelt wurde.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um SQL-Injection- und XSS-Angriffe durchzuf\u00fchren, Sicherheitsmechanismen zu umgehen, vertrauliche Informationen offenzulegen oder sich unbefugt h\u00f6here Berechtigungen zu verschaffen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1525 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1525.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1525 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1525"
},
{
"category": "external",
"summary": "MediaWiki Extensions and Skins Security Release Supplement vom 2025-07-09",
"url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/B757OC4UOPKOO4EYXNPUKQY2BS4CQE2E/"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4249 vom 2025-07-23",
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00012.html"
}
],
"source_lang": "en-US",
"title": "MediaWiki Extensions und Skins: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-07-23T22:00:00.000+00:00",
"generator": {
"date": "2025-07-24T07:52:25.673+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1525",
"initial_release_date": "2025-07-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-07-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-07-23T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.39.13",
"product": {
"name": "Open Source MediaWiki \u003c1.39.13",
"product_id": "T044971"
}
},
{
"category": "product_version",
"name": "1.39.13",
"product": {
"name": "Open Source MediaWiki 1.39.13",
"product_id": "T044971-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.39.13"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.42.7",
"product": {
"name": "Open Source MediaWiki \u003c1.42.7",
"product_id": "T044972"
}
},
{
"category": "product_version",
"name": "1.42.7",
"product": {
"name": "Open Source MediaWiki 1.42.7",
"product_id": "T044972-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.42.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.43.2",
"product": {
"name": "Open Source MediaWiki \u003c1.43.2",
"product_id": "T044973"
}
},
{
"category": "product_version",
"name": "1.43.2",
"product": {
"name": "Open Source MediaWiki 1.43.2",
"product_id": "T044973-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.43.2"
}
}
}
],
"category": "product_name",
"name": "MediaWiki"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32956",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-32956"
},
{
"cve": "CVE-2025-32964",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-32964"
},
{
"cve": "CVE-2025-43861",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-43861"
},
{
"cve": "CVE-2025-49575",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-49575"
},
{
"cve": "CVE-2025-49576",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-49576"
},
{
"cve": "CVE-2025-49577",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-49577"
},
{
"cve": "CVE-2025-49578",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-49578"
},
{
"cve": "CVE-2025-49579",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-49579"
},
{
"cve": "CVE-2025-53093",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53093"
},
{
"cve": "CVE-2025-53368",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53368"
},
{
"cve": "CVE-2025-53369",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53369"
},
{
"cve": "CVE-2025-53370",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53370"
},
{
"cve": "CVE-2025-53478",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53478"
},
{
"cve": "CVE-2025-53479",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53479"
},
{
"cve": "CVE-2025-53480",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53480"
},
{
"cve": "CVE-2025-53481",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53481"
},
{
"cve": "CVE-2025-53482",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53482"
},
{
"cve": "CVE-2025-53483",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53483"
},
{
"cve": "CVE-2025-53484",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53484"
},
{
"cve": "CVE-2025-53485",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53485"
},
{
"cve": "CVE-2025-53486",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53486"
},
{
"cve": "CVE-2025-53487",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53487"
},
{
"cve": "CVE-2025-53488",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53488"
},
{
"cve": "CVE-2025-53489",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53489"
},
{
"cve": "CVE-2025-53490",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53490"
},
{
"cve": "CVE-2025-53491",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53491"
},
{
"cve": "CVE-2025-53492",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53492"
},
{
"cve": "CVE-2025-53493",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53493"
},
{
"cve": "CVE-2025-53494",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53494"
},
{
"cve": "CVE-2025-53495",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53495"
},
{
"cve": "CVE-2025-53496",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53496"
},
{
"cve": "CVE-2025-53497",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53497"
},
{
"cve": "CVE-2025-53498",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53498"
},
{
"cve": "CVE-2025-53499",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53499"
},
{
"cve": "CVE-2025-53500",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53500"
},
{
"cve": "CVE-2025-53501",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53501"
},
{
"cve": "CVE-2025-53502",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-53502"
},
{
"cve": "CVE-2025-6926",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-6926"
},
{
"cve": "CVE-2025-7056",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-7056"
},
{
"cve": "CVE-2025-7057",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-7057"
},
{
"cve": "CVE-2025-7362",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-7362"
},
{
"cve": "CVE-2025-7363",
"product_status": {
"known_affected": [
"T044973",
"T044972",
"2951",
"T044971"
]
},
"release_date": "2025-07-09T22:00:00.000+00:00",
"title": "CVE-2025-7363"
}
]
}
ghsa-2v3v-3whp-953h
Vulnerability from github
Published
2025-06-13 14:09
Modified
2025-06-13 14:09
Severity ?
VLAI Severity ?
Summary
starcitizentools/citizen-skin allows stored XSS in user registration date message
Details
Summary
Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM.
Details
The result of $this->lang->userDate( $timestamp, $this->user ) returns unescaped values, but is inserted as raw HTML by Citizen:
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/072e4365e9084e4b153eac62d3666566c06f5a49/includes/Components/CitizenComponentUserInfo.php#L55-L60
PoC
- Go to any page using citizen with the uselang parameter set to x-xss and while being logged in
Depending on the registration date of the account you're logged in with, various messages can be shown. In my case, it's
november:
Impact
This impacts wikis where a group has the editinterface but not the editsitejs user right.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "starcitizentools/citizen-skin"
},
"ranges": [
{
"events": [
{
"introduced": "3.3.0"
},
{
"fixed": "3.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-49578"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2025-06-13T14:09:00Z",
"nvd_published_at": "2025-06-12T19:15:20Z",
"severity": "MODERATE"
},
"details": "### Summary\nVarious date messages returned by `Language::userDate` are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM.\n\n### Details\nThe result of `$this-\u003elang-\u003euserDate( $timestamp, $this-\u003euser )` returns unescaped values, but is inserted as raw HTML by Citizen:\nhttps://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/072e4365e9084e4b153eac62d3666566c06f5a49/includes/Components/CitizenComponentUserInfo.php#L55-L60\n\n### PoC\n1. Go to any page using citizen with the uselang parameter set to x-xss and while being logged in\nDepending on the registration date of the account you\u0027re logged in with, various messages can be shown. In my case, it\u0027s `november`:\n\n\n\n### Impact\nThis impacts wikis where a group has the `editinterface` but not the `editsitejs` user right.",
"id": "GHSA-2v3v-3whp-953h",
"modified": "2025-06-13T14:09:00Z",
"published": "2025-06-13T14:09:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-2v3v-3whp-953h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49578"
},
{
"type": "WEB",
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/64cb5d7ab3a6dc0381fae54b31e8fc4afadc8beb"
},
{
"type": "WEB",
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd"
},
{
"type": "PACKAGE",
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "starcitizentools/citizen-skin allows stored XSS in user registration date message"
}
fkie_cve-2025-49578
Vulnerability from fkie_nvd
Published
2025-06-12 19:15
Modified
2025-08-22 18:48
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by `Language::userDate` are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/64cb5d7ab3a6dc0381fae54b31e8fc4afadc8beb | Patch | |
| security-advisories@github.com | https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd | Patch | |
| security-advisories@github.com | https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-2v3v-3whp-953h | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| starcitizen.tools | citizen | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:starcitizen.tools:citizen:*:*:*:*:*:mediawiki:*:*",
"matchCriteriaId": "02337D0B-F229-4068-85B2-AB0A2C13C77E",
"versionEndExcluding": "3.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by `Language::userDate` are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1."
},
{
"lang": "es",
"value": "Citizen es una interfaz de MediaWiki que integra las extensiones en la experiencia cohesiva. Varios mensajes de fecha devueltos por `Language::userDate` se insertan en HTML sin formato, lo que permite que cualquiera que pueda editarlos inserte HTML arbitrario en el DOM. Esto afecta a las wikis donde un grupo tiene el permiso de usuario `editinterface` pero no el de `editsitejs`. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 3.3.1."
}
],
"id": "CVE-2025-49578",
"lastModified": "2025-08-22T18:48:29.597",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-12T19:15:20.610",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/64cb5d7ab3a6dc0381fae54b31e8fc4afadc8beb"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-2v3v-3whp-953h"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…