CVE-2018-25384 MEDIUM

CVE-2018-25384: Wikidforum 2.20 Cross-Site Scripting via reply_text Parameter

Vendor Wikidforum
Product Wikidforum
Weakness CWE-79 · XSS
Published May 29, 2026
Last update June 11, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can post comments containing JavaScript code through the rpc.php endpoint that executes in other users' browsers when viewing forum replies.

Key dates

02Disclosure timeline

May 29, 2026 CVE published
June 11, 2026 Record updated

Related vulnerabilities

04Related CVE