PT-2025-25348 · Citizen+1

Somemwdev · Published 2025-06-12 · Updated 2025-08-22 · CVE-2025-49579

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Citizen versions prior to 3.3.1

Description
The issue affects the Citizen MediaWiki skin: system messages used in menu headings rendered by the Menu.mustache template are inserted as raw HTML. This allows users with the editinterface right to insert arbitrary HTML into the DOM, potentially impacting wikis. The estimated number of affected devices and real-world incidents are not specified.

Recommendations
For versions prior to 3.3.1, update to version 3.3.1 to resolve the issue. As a temporary workaround, consider restricting the editinterface user right to minimize the risk of exploitation.
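
A template audit for the class of bug described above, added here as an example and not taken from the Citizen code base. It assumes the raw insertion is done with Mustache's unescaped tag forms (`{{{name}}}` or `{{& name}}`); the sample template, the variable names and the allowlist are constructed for illustration.

```python
import re

# Mustache emits a variable unescaped when it is written {{{name}}} or
# {{& name}}; the plain {{name}} form is HTML-escaped by the renderer.
RAW_TAG = re.compile(
    r"\{\{\{\s*([^{}\s]+)\s*\}\}\}|\{\{&\s*([^{}\s]+)\s*\}\}"
)


def find_raw_tags(template_text):
    """Return (line_number, variable_name, tag_text) for every unescaped tag."""
    findings = []
    for lineno, line in enumerate(template_text.splitlines(), start=1):
        for m in RAW_TAG.finditer(line):
            findings.append((lineno, m.group(1) or m.group(2), m.group(0)))
    return findings


def unreviewed(findings, allowlist):
    """Drop variables a reviewer has confirmed always hold sanitised HTML."""
    return [f for f in findings if f[1] not in allowlist]


# Constructed sample template, NOT the real Menu.mustache.
SAMPLE_TEMPLATE = """\
<nav id="{{id}}" class="menu {{class}}">
  <div class="menu__heading">{{{label}}}</div>
  <ul>{{#items}}<li>{{& html-item}}</li>{{/items}}</ul>
  <span class="menu__tooltip">{{tooltip}}</span>
</nav>
"""

if __name__ == "__main__":
    # "html-item" is a hypothetical variable treated as already reviewed.
    hits = unreviewed(find_raw_tags(SAMPLE_TEMPLATE), {"html-item"})
    for lineno, name, tag in hits:
        print(f"line {lineno}: {tag} inserts '{name}' without escaping")
```

Any variable the audit reports that is fed from an editable system message needs either the escaped `{{name}}` form or sanitisation before it reaches the template.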

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-49579
GHSA-G3CP-PQ72-HJPV

Affected Products

Citizen
MediaWiki