CVE-2018-25384

MEDIUM 5.4

Wikidforum 2.20 Cross-Site Scripting via reply_text Parameter

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

9th

Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can post comments containing JavaScript code through the rpc.php endpoint that executes in other users' browsers when viewing forum replies.

CWE	CWE-79
Vendor	wikidforum
Product	wikidforum
Published	May 29, 2026
Last Updated	Jun 10, 2026

Stay Ahead of the Next One

Get instant alerts for wikidforum wikidforum

Be the first to know when new medium vulnerabilities affecting wikidforum wikidforum are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

wikidforum / Wikidforum

0 ≤ 2.20

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/45580 sourceforge.net: https://sourceforge.net/projects/wikidforum/ sourceforge.net: https://sourceforge.net/projects/wikidforum/files/Wikidforum-com-ed.2.20.zip/download vulncheck.com: https://www.vulncheck.com/advisories/wikidforum-cross-site-scripting-via-reply-text-parameter

Credits

Amir Hossein Mahboubi