ReportizFlow
Filtered by vendor Starcitizentools
Subscriptions
Filtered by product Mediawiki-skins-citizen
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36123 | 1 Starcitizentools | 1 Mediawiki-skins-citizen | 2024-11-21 | 6.5 Medium |
| Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page `MediaWiki:Tagline` has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the `editinterface` permission, or sysops). This vulnerability is fixed in 2.16.0. | ||||
| CVE-2024-47536 | 1 Starcitizentools | 1 Mediawiki-skins-citizen | 2024-10-04 | N/A |
| Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixed in 2.31.0. | ||||
Page 1 of 1.