CVE-2025-53369 HIGH

CVE-2025-53369: Citizen Short Description stored XSS vulnerability through wikitext

Vendor Starcitizentools

Product mediawiki-extensions-ShortDescription

Weakness CWE-79 · XSS

Published July 3, 2025

Last update July 3, 2025

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

Short Description is a MediaWiki extension that provides local short description support. In version 4.0.0, short descriptions are not properly sanitized before being inserted as HTML using mw.util.addSubtitle, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue has been patched in version 4.0.1.

Key dates

02Disclosure timeline

July 3, 2025 CVE published

July 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-53369 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2025-53369

CWE CWE-79

CVSS 8.6 / HIGH

Affected versions

Vendor Starcitizentools

Product mediawiki-extensions-ShortDescription

Affected >= 05f6c6824f8f37dcc2d51cf6df4e7a09bea2196c, < 2c18bd21c5de53c336f55b6ff42f2983ea5796b4

Vendor Starcitizentools

Product mediawiki-extensions-ShortDescription

Affected >= 4.0.0, < 4.0.1

CVE-2025-53369: Citizen Short Description stored XSS vulnerability through wikitext

01Description

02Disclosure timeline

03References

04Related CVE