Description


Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixed in 2.31.0.

Related CPE's


Could not find any relations

Weaknesses



CWE-79CWE-80

CVSS impact metrics


Missing metrics for CVSS V

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Awaiting analysis

Published

2024-09-30T17:15:04.780

1 week ago

Last modified

2024-10-04T13:51:25.567

4 days ago