CVE Catalog

CVE-2018-25384

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile - higher than 9% of all known CVEs

Summary

Wikidforum version 2.20 contains a cross-site scripting (XSS) vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter.

Risk Assessment

Attackers can post comments containing JavaScript code that executes in other users' browsers when viewing forum replies, potentially leading to data theft or session hijacking.

Recommendation

It is recommended to upgrade to the latest version of Wikidforum and implement input validation and filtering to mitigate the risk of XSS attacks.

Original NVD description (English source)

Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can post comments containing JavaScript code through the rpc.php endpoint that executes in other users' browsers when viewing forum replies.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS