CVE-2025-49579
BaseFortify
Publication date: 2025-06-12
Last updated on: 2025-08-22
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| starcitizen.tools | citizen | to 3.3.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49579 is a stored Cross-Site Scripting (XSS) vulnerability in the Citizen MediaWiki skin. It occurs because system messages used in menu headings are inserted as raw, unescaped HTML into the DOM via the Menu.mustache template. This allows any user with the 'editinterface' permission (but without 'editsitejs') to inject arbitrary HTML code into menu headings, potentially leading to malicious script execution when other users view the affected menus. [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized execution of malicious scripts in the context of the affected wiki, resulting in high confidentiality and integrity impacts. An attacker with 'editinterface' rights can inject arbitrary HTML, potentially stealing sensitive information, modifying displayed content, or performing actions on behalf of other users without their consent. The attack can be performed remotely with low complexity and requires no user interaction. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your MediaWiki installation uses the Citizen skin version between commit 54c8717d45ce1594918f11cb9ce5d0ccd8dfee65 and before the patch commit 93c36ac778397e0e7c46cf7adb1e5d848265f1bd. A practical test involves visiting any article URL with the parameter `uselang=x-xss` to trigger alert pop-ups from injected system messages, indicating stored XSS. Additionally, you can audit system messages editable by users with the `editinterface` permission for any suspicious raw HTML content in menu headings. There are no specific commands provided, but inspecting the Menu.mustache template and system messages for unescaped HTML is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the Citizen MediaWiki skin to version 3.3.1 or later, where this vulnerability is fixed. Until the upgrade, restrict the `editinterface` user right to trusted users only, especially ensuring that users without the `editsitejs` right cannot edit system messages that appear in menu headings. Monitoring and sanitizing system messages to prevent insertion of raw HTML can also help reduce risk. [1]