[MEDIUM] starcitizentools/citizen-skin allows stored XSS in search no result messages

PKSA-xvfx-fm8m-bmds CVE-2025-49576 GHSA-86xf-2mgp-gv3g

Affected package: starcitizentools/citizen-skin

Affected version: >=2.31.0,<3.3.1

Reported by:
GitHub