CVE-2018-25384
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
Wikidforum version 2.20 contains a cross-site scripting (XSS) vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter.
Risk Assessment
Attackers can post comments containing JavaScript code that executes in other users' browsers when viewing forum replies, potentially leading to data theft or session hijacking.
Recommendation
It is recommended to upgrade to the latest version of Wikidforum and implement input validation and filtering to mitigate the risk of XSS attacks.
Original NVD description (English source)
Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can post comments containing JavaScript code through the rpc.php endpoint that executes in other users' browsers when viewing forum replies.

