[MEDIUM] starcitizentools/citizen-skin allows stored XSS in user registration date message

PKSA-pm3x-3bjy-mhn9 CVE-2025-49578 GHSA-2v3v-3whp-953h

Affected package: starcitizentools/citizen-skin

Affected version: >=3.3.0,<3.3.1

Reported by:
GitHub