CVE-2025-53368
BaseFortify
Publication date: 2025-07-03
Last updated on: 2025-08-22
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| starcitizen.tools | citizen | From 1.9.4 (inc) to 3.4.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-53368 is a stored Cross-Site Scripting (XSS) vulnerability in the Citizen skin for MediaWiki, specifically in the old search bar. The vulnerability occurs because page descriptions are inserted into raw HTML without proper sanitization, allowing any user with page editing privileges to inject malicious scripts into the search result descriptions. These scripts then execute in the browsers of users who search for those pages, potentially leading to unauthorized actions or data theft. The issue arises from rendering unsanitized user input in the search results and has been fixed by properly escaping the description content in the skin's template. [1, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers with page editing privileges to inject malicious scripts into search result descriptions. When other users search for those pages, the malicious scripts execute in their browsers, potentially leading to theft of sensitive information, session hijacking, or other malicious actions. The impact includes high confidentiality risk, with possible unauthorized data access, and some integrity and availability risks, though these are lower. The vulnerability can be exploited remotely without special privileges or user interaction beyond searching. [3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves checking whether your MediaWiki Citizen skin version is 1.9.4 or later and earlier than 3.4.0, and whether the old search bar is enabled with the vulnerable configuration settings. Start by verifying the installed version of the Citizen skin. Then inspect the search result descriptions for unsanitized HTML content that could contain malicious scripts. Because the vulnerability is a stored XSS in search descriptions, you can test by searching for pages with potentially malicious payloads inserted by users with edit privileges. The resources provide no specific commands, but you can check the version with commands like `grep` or `cat` on the skin's version file, or check the installed package version. Also review your MediaWiki configuration for the settings that make up the vulnerable configuration: `$wgCitizenEnableCommandPalette` (false), `$wgCitizenSearchGateway` ('mwActionApi'), and `$wgCitizenSearchDescriptionSource` (e.g., 'textextracts', 'pagedescription', 'wikidata'). [3]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the Citizen MediaWiki skin to version 3.4.0 or later, where the vulnerability has been patched by properly sanitizing the search result descriptions. If upgrading is not immediately possible, consider disabling the old search bar or changing the vulnerable configuration options, for example by setting `$wgCitizenEnableCommandPalette` to true or changing `$wgCitizenSearchGateway` from 'mwActionApi' to another value, to prevent exploitation. Also, review and restrict edit permissions to trusted users to reduce the risk of malicious payload insertion. [1, 2, 3]
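The version range and configuration checks from the detection and mitigation answers above can be combined into one exposure check. The following Python sketch is an added example, not code from the Citizen project or the advisory; the function names and status strings are hypothetical, it assumes you supply the skin version string and the text of your `LocalSettings.php`, and it flags unset settings for manual review because the page does not state their defaults.

```python
import re

AFFECTED_FROM = (1, 9, 4)  # inclusive lower bound from the affected-products table
FIXED_IN = (3, 4, 0)       # exclusive upper bound: 3.4.0 contains the fix

def parse_version(text):
    """Turn '3.3.1' or 'v3.3.1' into a comparable tuple such as (3, 3, 1)."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def read_settings(php_source):
    """Return the last assigned value of each $wgCitizen* setting, ignoring comments."""
    code = re.sub(r"/\*.*?\*/", "", php_source, flags=re.S)
    code = re.sub(r"^\s*(?:#|//).*$", "", code, flags=re.M)
    settings = {}
    for name, value in re.findall(r"\$(wgCitizen\w+)\s*=\s*([^;]+);", code):
        settings[name] = value.strip().strip("'\"")
    return settings

def assess(skin_version, php_source):
    """Classify exposure to CVE-2025-53368 from the version and configuration."""
    if not (AFFECTED_FROM <= parse_version(skin_version) < FIXED_IN):
        return "not-affected"
    s = read_settings(php_source)
    palette = s.get("wgCitizenEnableCommandPalette", "").lower()
    gateway = s.get("wgCitizenSearchGateway")
    # Either change is listed on the page as a stopgap when upgrading is not possible.
    if palette == "true" or (gateway is not None and gateway != "mwActionApi"):
        return "affected-version-config-mitigated"
    if palette == "false" and gateway == "mwActionApi":
        return "exposed"
    # Unset values: defaults are not stated on the page, so flag for manual review.
    return "affected-version-review-config"

# Constructed sample configuration, not taken from a real wiki.
SAMPLE_SETTINGS = """<?php
wfLoadSkin( 'Citizen' );
# $wgCitizenEnableCommandPalette = true;
$wgCitizenEnableCommandPalette = false;
$wgCitizenSearchGateway = 'mwActionApi';
$wgCitizenSearchDescriptionSource = 'textextracts';
"""

if __name__ == "__main__":
    print(assess("3.3.1", SAMPLE_SETTINGS))
```

A result of `affected-version-config-mitigated` still means the installed skin is in the affected range, so the upgrade to 3.4.0 or later remains the fix.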