Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue has been patched in version 3.4.0.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
References
History
Thu, 03 Jul 2025 20:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue has been patched in version 3.4.0. | |
| Title | Citizen stored XSS vulnerability through short descriptions | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2025-07-03T19:45:32.163Z
Updated: 2025-07-03T19:45:32.163Z
Reserved: 2025-06-27T12:57:16.121Z
Link: CVE-2025-53370
Vulnrichment
No data.
NVD
Status : Received
Published: 2025-07-03T20:15:23.893
Modified: 2025-07-03T20:15:23.893
Link: CVE-2025-53370
Redhat
No data.