Starcitizen.Tools

Citizen

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-53370

Medienbericht Exploit
  • EPSS 0.03%
  • Veröffentlicht 03.07.2025 19:45:32
  • Zuletzt bearbeitet 22.08.2025 14:19:32

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to inser...

5.4

CVE-2025-53368

Exploit
  • EPSS 0.03%
  • Veröffentlicht 03.07.2025 19:34:50
  • Zuletzt bearbeitet 22.08.2025 14:20:41

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, page descriptions are inserted into raw HTML without proper sanitization by the Citizen skin when using the old search bar. Any us...

5.4

CVE-2025-49576

Exploit
  • EPSS 0.05%
  • Veröffentlicht 12.06.2025 18:50:55
  • Zuletzt bearbeitet 22.08.2025 18:56:38

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert...

5.4

CVE-2025-49578

Exploit
  • EPSS 0.05%
  • Veröffentlicht 12.06.2025 18:50:49
  • Zuletzt bearbeitet 22.08.2025 18:48:29

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by `Language::userDate` are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. ...

4.8

CVE-2025-49579

Exploit
  • EPSS 0.06%
  • Veröffentlicht 12.06.2025 18:50:44
  • Zuletzt bearbeitet 22.08.2025 18:44:01

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML i...

5.4

CVE-2025-49575

Exploit
  • EPSS 0.05%
  • Veröffentlicht 12.06.2025 18:45:23
  • Zuletzt bearbeitet 22.08.2025 18:59:49

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Th...

5.4

CVE-2025-49577

Exploit
  • EPSS 0.05%
  • Veröffentlicht 12.06.2025 18:45:18
  • Zuletzt bearbeitet 22.08.2025 18:52:55

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixe...

5.4

CVE-2024-47536

Exploit
  • EPSS 0.8%
  • Veröffentlicht 30.09.2024 17:15:04
  • Zuletzt bearbeitet 25.08.2025 02:04:28

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is...

5.4

CVE-2024-36123

Exploit
  • EPSS 0.42%
  • Veröffentlicht 03.06.2024 15:15:08
  • Zuletzt bearbeitet 22.08.2025 15:58:19

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page `MediaWiki:Tagline` has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki n...