[MEDIUM] starcitizentools/citizen-skin allows stored XSS in preference menu heading messages

PKSA-yx2v-tr3p-mp7j CVE-2025-49577 GHSA-jwr7-992g-68mh

Affected package: starcitizentools/citizen-skin

Affected version: >=2.13.0,<3.3.1

Reported by:
GitHub