CVE-2025-49578 – Citizen is a MediaWiki skin that makes extensions

June 12, 2025

CVE ID : CVE-2025-49578

Published : June 12, 2025, 7:15 p.m. | 2 hours, 46 minutes ago

Description : Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by `Language::userDate` are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49575 – Citizen is a MediaWiki skin that makes extensions

Next Article CVE-2025-49577 – Citizen is a MediaWiki skin that makes extensions

Highlights

CVE-2025-6271 – Swftools wav2swf Out-of-Bounds Read Vulnerability

June 19, 2025

CVE ID : CVE-2025-6271

Published : June 19, 2025, 6:15 p.m. | 4 hours, 14 minutes ago

Description : A vulnerability, which was classified as problematic, was found in swftools up to 0.9.2. This affects the function wav_convert2mono in the library lib/wav.c of the component wav2swf. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Severity: 3.3 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Web Components: Working With Shadow DOM

Google’s new Opal tool allows users to create mini AI apps with no coding required

Designing Better UX For Left-Handed People

This week in AI dev tools: Gemini 2.5 Flash-Lite, GitLab Duo Agent Platform beta, and more (July 25, 2025)

Microsoft wants you to chat with its browser now – but can you trust this Copilot?

I tested the Dell XPS’ successor – here are the biggest upgrades (and what’s the same)

I’m a Linux pro – here are my top 5 command line backup tools for desktops and servers

Should you buy a refurbished iPad? I tried one from Back Market and here’s my verdict

elegantweb/sanitizer

elegantweb/sanitizer

Streamlined String Encryption with Laravel’s Fluent Methods

Resume PHP

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

New Xbox games launching this week, from July 28 through August 3 — Grounded 2 arrives on Xbox Game Pass

TikTok’s owner forked Microsoft’s Visual Studio Code and concerns have been raised — reports suggest it’s resource heavy and never stops ‘phoning home’

CVE-2025-49578 – Citizen is a MediaWiki skin that makes extensions

Tea Dating Advice app spills sensitive data

Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide

Elelem – versatile LLM client

CVE-2025-6022 – Apache Struts Remote Code Execution Vulnerability

CodeSOD: The Variable Toggle

Iterator helpers have become Baseline Newly available

CVE-2025-6271 – Swftools wav2swf Out-of-Bounds Read Vulnerability

CVE-2025-27358 – mndpsingh287 Frontend File Manager Basic XSS Vulnerability

CVE-2025-4553 – PHPGurukul Apartment Visitors Management System SQL Injection

This Week in Laravel: React Native, PhpStorm Junie, and more

CVE-2025-49578 – Citizen is a MediaWiki skin that makes extensions

Related Posts