{"url":"http://public2.vulnerablecode.io/api/packages/749271?format=json","purl":"pkg:composer/starcitizentools/citizen-skin@2.7.7","type":"composer","namespace":"starcitizentools","name":"citizen-skin","version":"2.7.7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.9.0","latest_non_vulnerable_version":"3.9.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105348?format=json","vulnerability_id":"VCID-8t62-dm2e-r3de","summary":"Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue has been patched in version 3.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53370","reference_id":"","reference_type":"","scores":[{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38044","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38221","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53370"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53370","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53370"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/c85a40bddc8651fff66df83a72debddcb34f0521","reference_id":"c85a40bddc8651fff66df83a72debddcb34f0521","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-07T18:57:59Z/"}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/c85a40bddc8651fff66df83a72debddcb34f0521"},{"reference_url":"https://github.com/advisories/GHSA-prmv-7r8c-794g","reference_id":"GHSA-prmv-7r8c-794g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-prmv-7r8c-794g"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-prmv-7r8c-794g","reference_id":"GHSA-prmv-7r8c-794g","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-07T18:57:59Z/"}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-prmv-7r8c-794g"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/releases/tag/v3.4.0","reference_id":"v3.4.0","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-07T18:57:59Z/"}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/releases/tag/v3.4.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378389?format=json","purl":"pkg:composer/starcitizentools/citizen-skin@3.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fzpv-yejd-8kaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/starcitizentools/citizen-skin@3.4.0"}],"aliases":["CVE-2025-53370","GHSA-prmv-7r8c-794g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8t62-dm2e-r3de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105286?format=json","vulnerability_id":"VCID-ahmu-9hec-akfd","summary":"Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, page descriptions are inserted into raw HTML without proper sanitization by the Citizen skin when using the old search bar. Any user with page editing privileges can insert cross-site scripting (XSS) payloads into the DOM for other users who are searching for specific pages. This issue has been patched in version 3.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53368","reference_id":"","reference_type":"","scores":[{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38044","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38221","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53368"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53368","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53368"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/aedbceb3380bb48db6b59e272fc187529c71c8ca","reference_id":"aedbceb3380bb48db6b59e272fc187529c71c8ca","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-03T19:50:31Z/"}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/aedbceb3380bb48db6b59e272fc187529c71c8ca"},{"reference_url":"https://github.com/advisories/GHSA-rq6g-6g94-jfr4","reference_id":"GHSA-rq6g-6g94-jfr4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rq6g-6g94-jfr4"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-rq6g-6g94-jfr4","reference_id":"GHSA-rq6g-6g94-jfr4","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-03T19:50:31Z/"}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-rq6g-6g94-jfr4"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/releases/tag/v3.4.0","reference_id":"v3.4.0","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-03T19:50:31Z/"}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/releases/tag/v3.4.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378389?format=json","purl":"pkg:composer/starcitizentools/citizen-skin@3.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fzpv-yejd-8kaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/starcitizentools/citizen-skin@3.4.0"}],"aliases":["CVE-2025-53368","GHSA-rq6g-6g94-jfr4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ahmu-9hec-akfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57658?format=json","vulnerability_id":"VCID-fuvv-kg4v-r7hp","summary":"Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their \"real name\" to an XSS payload. This vulnerability is fixed in 2.31.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47536","reference_id":"","reference_type":"","scores":[{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74614","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74542","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47536"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/717d16af35b10dab04d434aefddbf991fc8c168c","reference_id":"717d16af35b10dab04d434aefddbf991fc8c168c","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:24:36Z/"}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/717d16af35b10dab04d434aefddbf991fc8c168c"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/86da3e07718c8d8da6f4310386fef85599606f9b","reference_id":"86da3e07718c8d8da6f4310386fef85599606f9b","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:24:36Z/"}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/86da3e07718c8d8da6f4310386fef85599606f9b"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/d45c3d69f30863f622f16eb40dd41d3ca943454a/includes/Components/CitizenComponentUserInfo.php#L137","reference_id":"CitizenComponentUserInfo.php#L137","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:24:36Z/"}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/d45c3d69f30863f622f16eb40dd41d3ca943454a/includes/Components/CitizenComponentUserInfo.php#L137"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47536","reference_id":"CVE-2024-47536","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47536"},{"reference_url":"https://github.com/advisories/GHSA-62r2-gcxr-426x","reference_id":"GHSA-62r2-gcxr-426x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-62r2-gcxr-426x"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-62r2-gcxr-426x","reference_id":"GHSA-62r2-gcxr-426x","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:24:36Z/"}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-62r2-gcxr-426x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33580?format=json","purl":"pkg:composer/starcitizentools/citizen-skin@2.31.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8t62-dm2e-r3de"},{"vulnerability":"VCID-ahmu-9hec-akfd"},{"vulnerability":"VCID-pkxa-rtrz-fyaz"},{"vulnerability":"VCID-wcxs-u3v9-8fep"},{"vulnerability":"VCID-xy3b-vqkx-wbb4"},{"vulnerability":"VCID-zgny-ax2q-r7fw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/starcitizentools/citizen-skin@2.31.0"}],"aliases":["CVE-2024-47536","GHSA-62r2-gcxr-426x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fuvv-kg4v-r7hp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97696?format=json","vulnerability_id":"VCID-pkxa-rtrz-fyaz","summary":"Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49575","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36115","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36294","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49575"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49575","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49575"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/4fa69e1d062dca7e407cc0530cf1da3e2baaf0b5","reference_id":"4fa69e1d062dca7e407cc0530cf1da3e2baaf0b5","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-12T18:57:54Z/"}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/4fa69e1d062dca7e407cc0530cf1da3e2baaf0b5"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd","reference_id":"93c36ac778397e0e7c46cf7adb1e5d848265f1bd","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-12T18:57:54Z/"}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd"},{"reference_url":"https://github.com/advisories/GHSA-4c2h-67qq-vm87","reference_id":"GHSA-4c2h-67qq-vm87","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4c2h-67qq-vm87"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-4c2h-67qq-vm87","reference_id":"GHSA-4c2h-67qq-vm87","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-12T18:57:54Z/"}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-4c2h-67qq-vm87"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378523?format=json","purl":"pkg:composer/starcitizentools/citizen-skin@3.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8t62-dm2e-r3de"},{"vulnerability":"VCID-ahmu-9hec-akfd"},{"vulnerability":"VCID-fzpv-yejd-8kaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/starcitizentools/citizen-skin@3.3.1"}],"aliases":["CVE-2025-49575","GHSA-4c2h-67qq-vm87"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pkxa-rtrz-fyaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98277?format=json","vulnerability_id":"VCID-xy3b-vqkx-wbb4","summary":"Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49579","reference_id":"","reference_type":"","scores":[{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42249","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42414","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49579"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49579","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49579"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/54c8717d45ce1594918f11cb9ce5d0ccd8dfee65","reference_id":"54c8717d45ce1594918f11cb9ce5d0ccd8dfee65","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-12T19:16:32Z/"}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/54c8717d45ce1594918f11cb9ce5d0ccd8dfee65"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd","reference_id":"93c36ac778397e0e7c46cf7adb1e5d848265f1bd","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-12T19:16:32Z/"}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/93c36ac778397e0e7c46cf7adb1e5d848265f1bd"},{"reference_url":"https://github.com/advisories/GHSA-g3cp-pq72-hjpv","reference_id":"GHSA-g3cp-pq72-hjpv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g3cp-pq72-hjpv"},{"reference_url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-g3cp-pq72-hjpv","reference_id":"GHSA-g3cp-pq72-hjpv","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-12T19:16:32Z/"}],"url":"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-g3cp-pq72-hjpv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378523?format=json","purl":"pkg:composer/starcitizentools/citizen-skin@3.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8t62-dm2e-r3de"},{"vulnerability":"VCID-ahmu-9hec-akfd"},{"vulnerability":"VCID-fzpv-yejd-8kaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/starcitizentools/citizen-skin@3.3.1"}],"aliases":["CVE-2025-49579","GHSA-g3cp-pq72-hjpv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xy3b-vqkx-wbb4"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/starcitizentools/citizen-skin@2.7.7"}