CVE-2025-49579 – Citizen is a MediaWiki skin that makes extensions

June 12, 2025

CVE ID : CVE-2025-49579

Published : June 12, 2025, 7:15 p.m. | 2 hours, 46 minutes ago

Description : Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-36539 – AVEVA PI Data Archive Denial of Service (DoS)

Next Article CVE-2025-49575 – Citizen is a MediaWiki skin that makes extensions

Highlights

CVE-2025-45011 – “PHPGurukul Park Ticketing Management System HTML Injection Vulnerability”

April 30, 2025

CVE ID : CVE-2025-45011

Published : April 30, 2025, 2:15 p.m. | 2 hours, 42 minutes ago

Description : A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata POST request parameter.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

OneDrive for Mac will soon give you more flexible storage options

From The Editor’s Desk — new Windows Central community features, we’d like to hear from you!

New code strings attached to Xbox Game Pass suggests a price increase may be imminent

This could be the versatile laptop accessory I’ve been waiting for — Here’s why it stands out from other portable monitors

Worker Threads in Node.js: A Complete Guide for Multithreading in JavaScript

Worker Threads in Node.js: A Complete Guide for Multithreading in JavaScript

Everybody’s gone lintin’

QAQ-QQ-AI-QUEST

OneDrive for Mac will soon give you more flexible storage options

OneDrive for Mac will soon give you more flexible storage options

From The Editor’s Desk — new Windows Central community features, we’d like to hear from you!

New code strings attached to Xbox Game Pass suggests a price increase may be imminent

CVE-2025-49579 – Citizen is a MediaWiki skin that makes extensions

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Grafana Alert: Medium-Severity Flaw (CVE-2025-3415) Exposes DingDing API Keys

Celebrating GAAD by Committing to Universal Design: Equitable Use

CVE-2025-49446 – Minhlaobao Admin Notes CSRF Vulnerability

autoenv provides directory based environments

CVE-2025-37876 – Linux NetFS NULL Pointer Dereference Vulnerability

CVE-2025-45011 – “PHPGurukul Park Ticketing Management System HTML Injection Vulnerability”

projektgopher/whisky

Prism Relay

CVE-2025-4095 – Docker Desktop MacOS Registry Access Bypass Vulnerability

CVE-2025-49579 – Citizen is a MediaWiki skin that makes extensions

Related Posts