CVE-2025-53370
BaseFortify
Publication date: 2025-07-03
Last updated on: 2025-08-22
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| starcitizen.tools | citizen | From 1.9.4 (inc) to 3.4.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-53370 is a stored Cross-Site Scripting (XSS) vulnerability in the Citizen skin of MediaWiki. It occurs because short descriptions set via the ShortDescription extension are inserted into the page as raw HTML without proper sanitization. This allows any user who can edit a page to inject arbitrary HTML and JavaScript into the page DOM, potentially executing malicious scripts when other users view the page. The vulnerability arises from the short description being assigned directly to a variable and then inserted into the HTML without escaping special characters. The issue was fixed by applying proper HTML escaping to the short description before insertion. [1, 2]
How can this vulnerability impact me? :
This vulnerability can have a high impact because it allows remote attackers to execute arbitrary scripts in the context of the affected site. Since no privileges are required to exploit it and no user interaction is needed, any user can inject malicious code by editing a page's short description. This can lead to theft of sensitive information (confidentiality impact), manipulation of page content (integrity impact), and potential disruption of service (availability impact), although the latter two are considered low. The CVSS score is 8.6, indicating high severity. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the Citizen skin version is between 1.9.4 and before 3.4.0, as these versions insert short descriptions as raw HTML without sanitization. Additionally, you can test for the vulnerability by adding a short description with a payload such as `{{SHORTDESC:<img src="" onerror="alert('citizen shortdescription xss')">}}` to a page using the ShortDescription extension and the Citizen skin. If a JavaScript alert appears when viewing the page, the vulnerability is present. There are no specific network commands provided, but verifying the version and testing the injection as described can detect the issue. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the Citizen skin to version 3.4.0 or later, where the vulnerability has been patched by sanitizing the short description input using PHP's htmlspecialchars() function with ENT_QUOTES. If upgrading is not immediately possible, avoid allowing untrusted users to edit short descriptions or disable the ShortDescription extension temporarily to prevent exploitation. [1, 2]