CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-49576

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.9%

CVSS Severity

CVSS v3 Score 6.5

References

https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/a0296afaedbe1a277337a2d8f1da83cb3a79b9ab
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-86xf-2mgp-gv3g

Products affected by CVE-2025-49576

Starcitizen.tools » Citizen » Version: Any

cpe:2.3:a:starcitizen.tools:citizen:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-49576

Products

Pricing

Contact Us