Cross-Site Scripting Risk in Citizen MediaWiki Skin
CVE-2025-53368

8.6HIGH

Key Information:

Vendor: Starcitizentools
Status: Mediawiki-skins-citizen
Vendor: CVE Published:; 3 July 2025

🔔 Create Starcitizentools Vulnerability Alert

What is CVE-2025-53368?

The Citizen MediaWiki skin, versions 1.9.4 to lower than 3.4.0, has a vulnerability where it allows inadequate sanitization of page descriptions when utilizing the old search bar. This flaw enables users with editing rights to inject malicious cross-site scripting (XSS) payloads into the Document Object Model (DOM), potentially compromising the security of users interacting with the affected pages. The issue has been rectified in version 3.4.0, emphasizing the importance of updating to secure environments.

Affected Version(s)

mediawiki-skins-Citizen >= 1.9.4, < 3.4.0 < 1.9.4, 3.4.0

mediawiki-skins-Citizen >= b2bd79196db1153d0bc1bd51a646d957cbdf4aec, < aedbceb3380bb48db6b59e272fc187529c71c8ca < b2bd79196db1153d0bc1bd51a646d957cbdf4aec, aedbceb3380bb48db6b59e272fc187529c71c8ca