pkg:Packagist/starcitizentools/citizen-skin

9 total CVEsHIGH2MEDIUM7

✅ Check your installed version

All known vulnerabilities

  • HIGH8.6CVE-2025-53370Citizen vulnerable to Stored XSS through short descriptions
    >= 1.9.4, < 3.4.0
  • HIGH8.6CVE-2025-53368starcitizentools/citizen-skin is vulnerable to Stored XSS attack in the legacy search bar through page descriptions
    >= 1.9.4, < 3.4.0
  • MEDIUM6.5CVE-2025-62508Citizen vulnerable to stored XSS in sticky header button messages
    >= 3.3.0, < 3.9.0
  • MEDIUM6.5CVE-2025-49578starcitizentools/citizen-skin allows stored XSS in user registration date message
    >= 3.3.0, < 3.3.1
  • MEDIUM6.5CVE-2025-49579starcitizentools/citizen-skin allows stored XSS in menu heading message
    >= 2.4.2, < 3.3.1
  • MEDIUM6.5CVE-2025-49577starcitizentools/citizen-skin allows stored XSS in preference menu heading messages
    >= 2.13.0, < 3.3.1
  • MEDIUM6.5CVE-2025-49576starcitizentools/citizen-skin allows stored XSS in search no result messages
    >= 2.31.0, < 3.3.1
  • MEDIUM6.5CVE-2025-49575Citizen skin vulnerable to stored XSS through multiple system messages
    >= 2.4.2, < 3.3.1
  • MEDIUM4.6CVE-2024-47536starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
    >= 2.6.3, < 2.31.0