PT-2025-27831 · Unknown+1 · Shortdescription Extension+1

Somemwdev

Published: 2025-07-03 · Updated: 2025-07-03 · CVE-2025-53370

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Citizen MediaWiki skin versions 1.9.4 through 3.4.0
Description: The Citizen MediaWiki skin has an issue where short descriptions set via the ShortDescription extension are inserted as raw HTML, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue has been patched in version 3.4.0.
Recommendations: For versions 1.9.4 through 3.4.0, update to version 3.4.0 to patch this issue. As a temporary workaround, consider restricting the use of the ShortDescription extension until the update is applied.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-53370
GHSA-PRMV-7R8C-794G

Affected Products

Mediawiki Citizen Skin
Shortdescription Extension