CVE-2025-49577

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-49577
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd Patch
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/a741639085d70c22a9f49890542a142a223bf981 Patch
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-jwr7-992g-68mh Exploit Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:starcitizen.tools:citizen:*:*:*:*:*:mediawiki:*:*
History

No history.

Information

Published : 2025-06-12 19:15

Updated : 2025-08-22 18:52

NVD link : CVE-2025-49577

Mitre link : CVE-2025-49577

CVE.ORG link : CVE-2025-49577

JSON object : View

Products Affected

starcitizen.tools

  • citizen
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')