5.4
CVE-2018-25384
- EPSS 0.22%
- Veröffentlicht 29.05.2026 16:16:17
- Zuletzt bearbeitet 10.06.2026 02:16:30
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
Wikidforum 2.20 Cross-Site Scripting via reply_text Parameter
Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can post comments containing JavaScript code through the rpc.php endpoint that executes in other users' browsers when viewing forum replies.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellerwikidforum
≫
Produkt
Wikidforum
Default Statusunaffected
Version <=
2.20
Version
0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.117 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 5.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| disclosure@vulncheck.com | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://sourceforge.net/projects/wikidforum/
https://sourceforge.net/projects/wikidforum/files/Wikidforum-com-ed.2.20.zip/download
https://www.exploit-db.com/exploits/45580
https://www.vulncheck.com/advisories/wikidforum-cross-site-scripting-via-reply-text-parameter