starcitizentools/citizen-skin Security Advisories for v2.21.0 (6)
-
[HIGH] Citizen vulnerable to Stored XSS through short descriptions
PKSA-z3z1-w4z5-xngw CVE-2025-53370 GHSA-prmv-7r8c-794g
Affected version: >=1.9.4,<3.4.0
Reported by:
GitHub -
[HIGH] starcitizentools/citizen-skin is vulnerable to Stored XSS attack in the legacy search bar through page descriptions
PKSA-214b-jpm9-1fvb CVE-2025-53368 GHSA-rq6g-6g94-jfr4
Affected version: >=1.9.4,<3.4.0
Reported by:
GitHub -
[MEDIUM] starcitizentools/citizen-skin allows stored XSS in menu heading message
PKSA-68j2-x1s7-tqgv CVE-2025-49579 GHSA-g3cp-pq72-hjpv
Affected version: >=2.4.2,<3.3.1
Reported by:
GitHub -
[MEDIUM] starcitizentools/citizen-skin allows stored XSS in preference menu heading messages
PKSA-yx2v-tr3p-mp7j CVE-2025-49577 GHSA-jwr7-992g-68mh
Affected version: >=2.13.0,<3.3.1
Reported by:
GitHub -
[MEDIUM] Citizen skin vulnerable to stored XSS through multiple system messages
PKSA-r38v-6jhj-xcxw CVE-2025-49575 GHSA-4c2h-67qq-vm87
Affected version: >=2.4.2,<3.3.1
Reported by:
GitHub -
[MEDIUM] starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
PKSA-vbrv-zfnd-b9m6 CVE-2024-47536 GHSA-62r2-gcxr-426x
Affected version: >=2.6.3,<2.31.0
Reported by:
GitHub