starcitizentools/citizen-skin Security Advisories for v2.6.0 (4)
-
[HIGH] Citizen vulnerable to Stored XSS through short descriptions
PKSA-z3z1-w4z5-xngw CVE-2025-53370 GHSA-prmv-7r8c-794g
Affected version: >=1.9.4,<3.4.0
Reported by:
GitHub -
[HIGH] starcitizentools/citizen-skin is vulnerable to Stored XSS attack in the legacy search bar through page descriptions
PKSA-214b-jpm9-1fvb CVE-2025-53368 GHSA-rq6g-6g94-jfr4
Affected version: >=1.9.4,<3.4.0
Reported by:
GitHub -
[MEDIUM] starcitizentools/citizen-skin allows stored XSS in menu heading message
PKSA-68j2-x1s7-tqgv CVE-2025-49579 GHSA-g3cp-pq72-hjpv
Affected version: >=2.4.2,<3.3.1
Reported by:
GitHub -
[MEDIUM] Citizen skin vulnerable to stored XSS through multiple system messages
PKSA-r38v-6jhj-xcxw CVE-2025-49575 GHSA-4c2h-67qq-vm87
Affected version: >=2.4.2,<3.3.1
Reported by:
GitHub