CVE-2018-25384

Wikidforum 2.20 Cross-Site Scripting via reply_text Parameter

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can post comments containing JavaScript code through the rpc.php endpoint that executes in other users' browsers when viewing forum replies.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected products

wikidforum · Wikidforum

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/45580unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://sourceforge.net/projects/wikidforum/https://sourceforge.net/projects/wikidforum/files/Wikidforum-com-ed.2.20.zip/download https://www.exploit-db.com/exploits/45580 https://www.vulncheck.com/advisories/wikidforum-cross-site-scripting-via-reply-text-parameter