CVE-2024-47536

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-47536

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47536.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-47536

Aliases

GHSA-62r2-gcxr-426x

Published

2024-09-30T17:09:40Z

Modified

2025-10-15T14:30:02.626795Z

Severity

4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator

Summary

starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field

Details

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixed in 2.31.0.

References

Affected packages

Git / github.com/StarCitizenTools/mediawiki-skins-Citizen

Affected ranges

Type: GIT
Repo: https://github.com/StarCitizenTools/mediawiki-skins-Citizen
Events: Introduced

cb15810de98a77ea652afdfe2d9e6d366e499324

Fixed

d4e65977b505bb3915969805cdd5c004325f5e70

Affected versions

v2.*

v2.10.0

v2.10.1

v2.11.0

v2.11.1

v2.12.0

v2.13.0

v2.13.1

v2.13.2

v2.13.3

v2.13.4

v2.13.5

v2.14.0

v2.14.1

v2.15.0

v2.15.1

v2.16.0

v2.16.1

v2.17.0

v2.17.1

v2.17.2

v2.18.0

v2.18.1

v2.19.0

v2.20.0

v2.21.0

v2.22.0

v2.22.1

v2.23.0

v2.24.0

v2.25.0

v2.26.0

v2.27.0

v2.28.0

v2.29.0

v2.30.0

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.7.0

v2.7.1

v2.7.10

v2.7.11

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.7.9

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.9.0

v2.9.1