[MEDIUM] Citizen skin vulnerable to stored XSS through multiple system messages

PKSA-r38v-6jhj-xcxw CVE-2025-49575 GHSA-4c2h-67qq-vm87

Affected package: starcitizentools/citizen-skin

Affected version: >=2.4.2,<3.3.1

Reported by:
GitHub