CVE-2018-25384NVD

Vulnerability Summary

Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can post comments containing JavaScript code through the rpc.php endpoint that executes in other users' browsers when viewing forum replies.

Severity Level

MEDIUM(5.4)

Published Date

May 29, 2026

Last Modified

Jun 4, 2026

Exploitation Status

UNKNOWN

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionRequired

ScopeChanged

ConfidentialityLow

IntegrityLow

AvailabilityNone

External References

https://www.exploit-db.com/exploits/45580
https://sourceforge.net/projects/wikidforum/
https://sourceforge.net/projects/wikidforum/files/Wikidforum-com-ed.2.20.zip/download
https://www.vulncheck.com/advisories/wikidforum-cross-site-scripting-via-reply-text-parameter