CVE-2025-53368 – Citizen MediaWiki XSS Injection Vulnerability

July 3, 2025

CVE ID : CVE-2025-53368

Published : July 3, 2025, 8:15 p.m. | 3 hours, 14 minutes ago

Description : Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, page descriptions are inserted into raw HTML without proper sanitization by the Citizen skin when using the old search bar. Any user with page editing privileges can insert cross-site scripting (XSS) payloads into the DOM for other users who are searching for specific pages. This issue has been patched in version 3.4.0.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-34088 – Pandora FMS Remote Code Execution Vulnerability

Next Article CVE-2025-53369 – MediaWiki Short Description Cross-Site Scripting

Highlights

CVE-2025-7692 – SolarWinds Orion WordPress SMS Authentication Bypass Vulnerability

July 22, 2025

CVE ID : CVE-2025-7692

Published : July 22, 2025, 10:15 a.m. | 14 hours, 29 minutes ago

Description : The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the olws_handle_verify_phone() function not utilizing a strong enough OTP value, exposing the hash needed to generate the OTP value, and no restrictions on the number of attempts to submit the code. This makes it possible for unauthenticated attackers to log in as other users, including administrators, if they have access to their phone number.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Ways Node.js Development Boosts AI & Real-Time Data (2025-2026 Edition)

Looking to Outsource React.js Development? Here’s What Top Agencies Are Doing Right

Beyond The Hype: What AI Can Really Do For Product Design

BrowserStack launches Chrome extension that bundles 10+ manual web testing tools

How much RAM does your Linux PC really need in 2025?

Have solar at home? Supercharge that investment with this other crucial component

I replaced my MacBook charger with this compact wall unit – and wish I’d done it sooner

5 reasons to switch to an immutable Linux distro today – and which to try first

Sentry Adds Logs Support for Laravel Apps

Sentry Adds Logs Support for Laravel Apps

Efficient Context Management with Laravel’s Remember Functions

Laravel Devtoolbox: Your Swiss Army Knife Artisan CLI

From plateau predictions to buggy rollouts — Bill Gates’ GPT-5 skepticism looks strangely accurate

From plateau predictions to buggy rollouts — Bill Gates’ GPT-5 skepticism looks strangely accurate

We gave OpenAI’s open-source AI a kid’s test — here’s what happened

With GTA 6, next-gen exclusives, and a console comeback on the horizon, Xbox risks sitting on the sidelines — here’s why

CVE-2025-53368 – Citizen MediaWiki XSS Injection Vulnerability

Workday Staff Fall to Social Engineering; Hackers Access Third-Party CRM Platform

Get Ready for the Black Hat USA 2025 CISO Podcast Series from The Cyber Express and Suraksha Catalyst

CVE-2025-5498 – Slackero PHPwcms Remote Deserialization Vulnerability

CVE-2025-6948 – GitLab Cross-Site Scripting (XSS) Vulnerability

Microsoft Teams Gets a 3D Makeover for Events

CVE-2025-20963 – Symantec Antivirus Buffer Overflow

CVE-2025-7692 – SolarWinds Orion WordPress SMS Authentication Bypass Vulnerability

The top 10 laptops ZDNET readers are buying in 2025

Filament: Calculate/Show Age Based on Birth Date Field

Final Fantasy XVI producer doubles down on multiplatform strategy for Xbox — comments on popularity ofturn-basedRPGS

CVE-2025-53368 – Citizen MediaWiki XSS Injection Vulnerability

Related Posts