PT-2025-27830 · Mediawiki · Mediawiki Citizen Skin

Somemwdev · Published 2025-07-03 · Updated 2025-07-03 · CVE-2025-53368

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Citizen MediaWiki skin, versions from 1.9.4 up to, but not including, 3.4.0 (the issue is fixed in 3.4.0).
Description: The old search bar in the Citizen MediaWiki skin inserts page descriptions into raw HTML without escaping them. Page descriptions are editor-controlled content, so any user with page editing privileges can store a cross-site scripting (XSS) payload in a description; the payload is then injected into the DOM of every user whose search suggestions include that page. This is a stored XSS: the attacker only needs edit rights, and the victim only needs to type a search that returns the poisoned page.
Recommendations: Update to Citizen 3.4.0 or later, which fixes the issue (the installed skin version is listed under "Installed skins" on Special:Version). If updating is not immediately possible, disable the old search bar. Restricting page editing privileges reduces the pool of potential attackers but does not remove the bug, so it is a stopgap, not a fix.
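The vulnerable pattern and its hardened form, as an added example that is not the Citizen skin's own code: a minimal search-suggestion renderer that builds the HTML string later assigned to innerHTML. The function names (renderSuggestionUnsafe, renderSuggestionSafe, escapeHtml, containsLiveMarkup) and the sample results are illustrative assumptions; the second result carries a constructed payload of the kind an editor could place in a page description.

```javascript
// Added example, not code from the Citizen skin. Names are illustrative.
// Models a suggestion list built as an HTML string and later assigned to innerHTML.

// Constructed sample results: the second description is an editor-supplied XSS payload.
const SAMPLE_RESULTS = [
  { title: "Main Page", description: "The wiki's front page" },
  { title: "Sandbox", description: '<img src=x onerror="alert(document.cookie)">' },
];

// Vulnerable pattern: the untrusted description is interpolated verbatim into markup,
// so any tag or event handler it contains becomes live once the string hits innerHTML.
function renderSuggestionUnsafe(result) {
  return (
    `<li class="suggestion"><span class="title">${result.title}</span>` +
    `<span class="description">${result.description}</span></li>`
  );
}

// Escape the five characters that can change HTML context (text, attribute, tag).
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: every untrusted field is escaped before it reaches the markup.
// In a browser the equivalent is to create the element and set .textContent instead
// of building strings at all.
function renderSuggestionSafe(result) {
  return (
    `<li class="suggestion"><span class="title">${escapeHtml(result.title)}</span>` +
    `<span class="description">${escapeHtml(result.description)}</span></li>`
  );
}

function renderList(results, render) {
  return `<ul class="suggestions">${results.map(render).join("")}</ul>`;
}

// Reviewer check: does any untrusted field that contains angle brackets survive
// unchanged in the rendered output? If so, it is live markup, not text.
function containsLiveMarkup(html, untrustedFields) {
  return untrustedFields.some((s) => /[<>]/.test(s) && html.includes(s));
}

// Stand-alone demonstration.
const descriptions = SAMPLE_RESULTS.map((r) => r.description);
console.log("unsafe output live markup:", containsLiveMarkup(renderList(SAMPLE_RESULTS, renderSuggestionUnsafe), descriptions));
console.log("safe output live markup:  ", containsLiveMarkup(renderList(SAMPLE_RESULTS, renderSuggestionSafe), descriptions));
```

Escaping at the point where the string is built is the minimum fix; it covers both the text node and any attribute the description might be placed in. The containsLiveMarkup check is a coarse regression test for a renderer like this: feed it every untrusted field and assert that none of the ones containing `<` or `>` appear verbatim in the output.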

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2025-53368
GHSA-RQ6G-6G94-JFR4

Affected Products

Mediawiki Citizen Skin