starcitizentools/citizen-skin Security Advisories for v2.19.0 (4)
-
[MEDIUM] starcitizentools/citizen-skin allows stored XSS in menu heading message
PKSA-68j2-x1s7-tqgv CVE-2025-49579 GHSA-g3cp-pq72-hjpv
Affected version: >=2.4.2,<3.3.1
Reported by:
GitHub -
[MEDIUM] starcitizentools/citizen-skin allows stored XSS in preference menu heading messages
PKSA-yx2v-tr3p-mp7j CVE-2025-49577 GHSA-jwr7-992g-68mh
Affected version: >=2.13.0,<3.3.1
Reported by:
GitHub -
[MEDIUM] Citizen skin vulnerable to stored XSS through multiple system messages
PKSA-r38v-6jhj-xcxw CVE-2025-49575 GHSA-4c2h-67qq-vm87
Affected version: >=2.4.2,<3.3.1
Reported by:
GitHub -
[MEDIUM] starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
PKSA-vbrv-zfnd-b9m6 CVE-2024-47536 GHSA-62r2-gcxr-426x
Affected version: >=2.6.3,<2.31.0
Reported by:
GitHub