starcitizentools/citizen-skin Security Advisories for v2.40.2 (6)
-
[HIGH] Citizen vulnerable to Stored XSS through short descriptions
PKSA-z3z1-w4z5-xngw CVE-2025-53370 GHSA-prmv-7r8c-794g
Affected version: >=1.9.4,<3.4.0
Reported by:
GitHub -
[HIGH] starcitizentools/citizen-skin is vulnerable to Stored XSS attack in the legacy search bar through page descriptions
PKSA-214b-jpm9-1fvb CVE-2025-53368 GHSA-rq6g-6g94-jfr4
Affected version: >=1.9.4,<3.4.0
Reported by:
GitHub -
[MEDIUM] starcitizentools/citizen-skin allows stored XSS in menu heading message
PKSA-68j2-x1s7-tqgv CVE-2025-49579 GHSA-g3cp-pq72-hjpv
Affected version: >=2.4.2,<3.3.1
Reported by:
GitHub -
[MEDIUM] starcitizentools/citizen-skin allows stored XSS in preference menu heading messages
PKSA-yx2v-tr3p-mp7j CVE-2025-49577 GHSA-jwr7-992g-68mh
Affected version: >=2.13.0,<3.3.1
Reported by:
GitHub -
[MEDIUM] starcitizentools/citizen-skin allows stored XSS in search no result messages
PKSA-xvfx-fm8m-bmds CVE-2025-49576 GHSA-86xf-2mgp-gv3g
Affected version: >=2.31.0,<3.3.1
Reported by:
GitHub -
[MEDIUM] Citizen skin vulnerable to stored XSS through multiple system messages
PKSA-r38v-6jhj-xcxw CVE-2025-49575 GHSA-4c2h-67qq-vm87
Affected version: >=2.4.2,<3.3.1
Reported by:
GitHub