- Description: Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, page descriptions are inserted into raw HTML without proper sanitization by the Citizen skin when using the old search bar. Any user with page editing privileges can insert cross-site scripting (XSS) payloads into the DOM for other users who are searching for specific pages. This issue has been patched in version 3.4.0.
- Source: security-advisories@github.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 8.6
- Impact score: 4.7
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
- Severity: HIGH
- security-advisories@github.com
- CWE-79
- Hype score: Not currently trending
CVE-2025-53368 Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, page descriptions are inserted into raw HTML w… https://t.co/OiYkUUPq2V
@CVEnew
3 Jul 2025
[CVE-2025-53368: HIGH] Cyber security alert: Citizen MediaWiki skin versions 1.9.4 to before 3.4.0 were vulnerable to XSS attacks when editing pages using the old search bar. Make sure to update to version 3...#cve,CVE-2025-53368,#cybersecurity https://t.co/E3nYNZb7L4 https://t.c
@CveFindCom
3 Jul 2025