PT-2024-26910 · Citizen · Citizen
Blankeclair
Published 2024-06-03 · Updated 2024-06-03
CVE-2024-36123
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Citizen versions prior to 2.16.0
Description
The Citizen MediaWiki skin is affected by an issue where the contents of the page MediaWiki:Tagline are output unescaped, allowing custom HTML (including JavaScript) to be injected by anyone able to edit the MediaWiki namespace, typically users holding the editinterface permission, or sysops.
Recommendations
For versions prior to 2.16.0, update to version 2.16.0 to resolve the issue. As a temporary workaround, consider restricting access to the MediaWiki:Tagline page to minimize the risk of exploitation. Additionally, limiting the editinterface permission to trusted users can help mitigate the risk.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Citizen
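The interim workaround from the Recommendations section (limiting the editinterface right to trusted users while the skin is still below 2.16.0), as an added example that is not part of this advisory or of the Citizen project. It is a LocalSettings.php fragment; $wgGroupPermissions and the interface-admin group are MediaWiki core configuration (MediaWiki 1.32 or later), while the choice to strip the right from sysop and from the listed custom groups is this example's own assumption about the wiki's group layout.

```php
<?php
// Added example, not from the advisory or the Citizen skin: a
// LocalSettings.php fragment for the interim workaround (restrict who
// can edit MediaWiki:Tagline) until the skin is upgraded to 2.16.0.
//
// MediaWiki:Tagline lives in the MediaWiki namespace, so editing it
// requires the 'editinterface' right. Narrowing that right narrows who
// can place HTML or JavaScript in the tagline.

// Assumption: the broad 'sysop' group should lose the right ...
$wgGroupPermissions['sysop']['editinterface'] = false;

// ... and only the smaller built-in 'interface-admin' group (MediaWiki
// 1.32+) keeps it. Review that group's membership by hand in
// Special:ListUsers or Special:UserRights before relying on this.
$wgGroupPermissions['interface-admin']['editinterface'] = true;

// Assumption: these other groups exist on the wiki and may have been
// granted the right in an older LocalSettings.php; revoke it explicitly.
foreach ( [ 'bureaucrat', 'bot' ] as $group ) {
    $wgGroupPermissions[$group]['editinterface'] = false;
}
```

After deploying the change, confirm the effect with Special:ListGroupRights, which lists the rights each group currently holds; the editinterface right should appear only under the groups you intend. This reduces the pool of accounts able to reach MediaWiki:Tagline but does not fix the unescaped output itself, so the upgrade to 2.16.0 remains the actual fix.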