CVE-2018-25384

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.4 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N                                    

Vulnerability Description

Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can post comments containing JavaScript code through the rpc.php endpoint that executes in other users' browsers when viewing forum replies.

Vulnerability Details

Published Date

May 29, 2026

Last Modified

May 29, 2026

CWE ID

CWE-79

Source

NVD

Vendor

wikidforum

Product

Wikidforum

External References

https://sourceforge.net/projects/wikidforum/
https://sourceforge.net/projects/wikidforum/files/Wikidforum-com-ed.2.20.zip/download
https://www.exploit-db.com/exploits/45580
https://www.vulncheck.com/advisories/wikidforum-cross-site-scripting-via-reply-text-parameter

CVE-2018-25384

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment