CVE-2025-53368 – Citizen MediaWiki XSS Injection Vulnerability

July 3, 2025

CVE ID : CVE-2025-53368

Published : July 3, 2025, 8:15 p.m. | 3 hours, 14 minutes ago

Description : Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, page descriptions are inserted into raw HTML without proper sanitization by the Citizen skin when using the old search bar. Any user with page editing privileges can insert cross-site scripting (XSS) payloads into the DOM for other users who are searching for specific pages. This issue has been patched in version 3.4.0.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-34088 – Pandora FMS Remote Code Execution Vulnerability

Next Article CVE-2025-53369 – MediaWiki Short Description Cross-Site Scripting

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-53368 – Citizen MediaWiki XSS Injection Vulnerability

Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

Microsoft Build says goodbye to Seattle — drugs, crime, and homelessness allegedly to blame

Dhruvil Sanghvi on Why AI Won’t Save Logistics Sector Without Cyber Hygiene

CVE-2025-37093 – HPE StoreOnce Authentication Bypass Vulnerability

CVE-2025-5493 – Baison Channel Middleware SQL Injection

CVE-2025-20046 – Intel PROSet/Wireless WiFi Software Use-After-Free Denial of Service

7 ways to lock down your phone’s security – before it’s too late

CVE-2024-51980 – Apache HTTP Server SSRF Vulnerability

CVE-2025-46349 – YesWiki Reflected Cross-Site Scripting (XSS) Vulnerability

CVE-2025-53368 – Citizen MediaWiki XSS Injection Vulnerability

Related Posts