CVE-2018-25349

Received Received - Intake

BaseFortify

Publication date: 2026-05-23

Last updated on: 2026-05-23

Assigner: VulnCheck

Description

userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators visit the audit log page.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-23

Last Modified

2026-05-23

Generated

2026-05-26

EPSS Evaluated

N/A

NVD

CVE-2018-25349

EUVD

EUVD-2018-21869

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-79	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2018-25349

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

Ask Our AI Assistant

EPSS Chart