[MEDIUM] starcitizentools/citizen-skin allows stored XSS in menu heading message

PKSA-68j2-x1s7-tqgv CVE-2025-49579 GHSA-g3cp-pq72-hjpv

Affected version: >=2.4.2,<3.3.1

Reported by:
GitHub

[MEDIUM] Citizen skin vulnerable to stored XSS through multiple system messages

PKSA-r38v-6jhj-xcxw CVE-2025-49575 GHSA-4c2h-67qq-vm87

Affected version: >=2.4.2,<3.3.1

Reported by:
GitHub