[MEDIUM] Citizen vulnerable to stored XSS in sticky header button messages

PKSA-cbz7-rhx5-jhnf CVE-2025-62508 GHSA-g955-vw6w-v6pp

Affected package: starcitizentools/citizen-skin

Affected version: >=3.3.0,<3.9.0

Reported by:
GitHub