CVE-2025-53370 – Citizen MediaWiki Cross-Site Scripting (XSS)

CVE ID : CVE-2025-53370

Published : July 3, 2025, 8:15 p.m. | 43 minutes ago

Description : Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue has been patched in version 3.4.0.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…