StarCitizenTools — Vulnerabilities & Security Advisories (14)

Browse all 14 CVE security advisories affecting StarCitizenTools. AI-powered Chinese analysis, POCs, and references for each vulnerability.

StarCitizenTools provides third-party utilities and tracking services for the Star Citizen gaming community. Historically, the platform has been vulnerable to multiple remote code execution (RCE) and cross-site scripting (XSS) flaws, often stemming from improper input validation and insecure API endpoints. Privilege escalation vulnerabilities have also been documented, allowing unauthorized access to user accounts or administrative functions. The project maintains 14 CVE records, with several critical issues discovered in 2022-2023 that exposed user data and system integrity. While no major public breaches have been reported, the consistent pattern of vulnerabilities suggests ongoing security challenges in maintaining a secure third-party ecosystem for game-related services.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-62508 | Citizen vulnerable to stored XSS in sticky header button messages | mediawiki-skins-Citizen | CWE-79 | 6.5 | Medium | 2025-10-17 |
| CVE-2025-53369 | Citizen Short Description stored XSS vulnerability through wikitext | mediawiki-extensions-ShortDescription | CWE-79 | 8.6 | High | 2025-07-03 |
| CVE-2025-53370 | Citizen stored XSS vulnerability through short descriptions | mediawiki-skins-Citizen | CWE-79 | 8.6 | High | 2025-07-03 |
| CVE-2025-53368 | Citizen is vulnerable to stored XSS attack in the legacy search bar | mediawiki-skins-Citizen | CWE-79 | 8.6 | High | 2025-07-03 |
| CVE-2025-53093 | TabberNeue vulnerable to Stored XSS through wikitext | mediawiki-extensions-TabberNeue | CWE-79 | 8.6 | High | 2025-06-27 |
| CVE-2025-49576 | Citizen allows stored XSS in search no result messages | mediawiki-skins-Citizen | CWE-79 | 6.5 | Medium | 2025-06-12 |
| CVE-2025-49578 | Citizen allows stored XSS in user registration date message | mediawiki-skins-Citizen | CWE-79 | 6.5 | Medium | 2025-06-12 |
| CVE-2025-49579 | Citizen allows stored XSS in menu heading message | mediawiki-skins-Citizen | CWE-79 | 6.5 | Medium | 2025-06-12 |
| CVE-2025-49575 | Citizen allows stored XSS in Command Palette tip messages | mediawiki-skins-Citizen | CWE-79 | 6.5 | Medium | 2025-06-12 |
| CVE-2025-49577 | Citizen allows stored XSS in preference menu headings | mediawiki-skins-Citizen | CWE-79 | 6.5 | Medium | 2025-06-12 |
| CVE-2025-21612 | Cross-site Scripting in TabberTransclude in Extension:TabberNeue | mediawiki-extensions-TabberNeue | CWE-79 | 8.6 | High | 2025-01-06 |
| CVE-2024-47536 | starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field | mediawiki-skins-Citizen | CWE-80 | 5.4 | - | 2024-09-30 |
| CVE-2024-36123 | Citizen has a Stored Cross-Site Scripting Vulnerability by editing MediaWiki:Tagline | mediawiki-skins-Citizen | CWE-79 | 6.5 | Medium | 2024-06-03 |
| CVE-2022-21710 | Cross-site Scripting in ShortDescription extension | mediawiki-extensions-ShortDescription | CWE-79 | 4.7 | Medium | 2022-01-24 |

This page lists every published CVE security advisory associated with StarCitizenTools. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.