CVE-2018-25384
Deferred - Pending Action
XSS in Wikidforum via Malicious Reply Text

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: VulnCheck

Description
Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can post comments containing JavaScript code through the rpc.php endpoint that executes in other users' browsers when viewing forum replies.
Meta Information
Published: 2026-05-29
Last Modified: 2026-05-29
Generated: 2026-05-29
AI Q&A: 2026-05-29
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2018-25384 is a cross-site scripting (XSS) vulnerability found in Wikidforum version 2.20. It allows authenticated attackers to inject malicious JavaScript code by submitting specially crafted HTML through the reply_text parameter when posting comments.

This malicious script is then executed in the browsers of other users who view the forum replies, potentially compromising their session or data.


How can this vulnerability impact me?

This vulnerability can impact users by enabling attackers to execute arbitrary JavaScript in their browsers when they view forum replies. This can lead to session hijacking, theft of sensitive information, or performing actions on behalf of the user without their consent.

Since the attack requires an authenticated user to inject the malicious script, it poses a risk within the user community of the forum.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring HTTP POST requests to the rpc.php endpoint of the Wikidforum application, specifically looking for the presence of suspicious or crafted HTML/JavaScript code in the reply_text parameter.

A practical approach is to capture and analyze web traffic to identify attempts to inject scripts via the reply_text parameter.

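  • Use tools like tcpdump or Wireshark to capture HTTP POST requests to rpc.php. A packet capture only shows request contents when the forum is served over plain HTTP; behind TLS, capture where the traffic is decrypted.
  • Example tcpdump command to capture HTTP POST requests to rpc.php: tcpdump -l -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep --line-buffered 'POST /rpc.php'
  • Use grep or similar tools to search server logs for the reply_text parameter containing suspicious JavaScript or HTML tags. Access logs normally do not record POST bodies, so this works only where request-body logging is enabled, and logged values are usually URL-encoded.
  • Example grep command on web server logs: grep -iE 'reply_text=.*(<|%3C)script' /path/to/access.log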
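
A single grep pattern cannot follow nested encodings, so the following Python check (an added example, not part of the original page or of Wikidforum's code) decodes form-encoded POST bodies for rpc.php before matching reply_text. The `action` field, the sample bodies and the pattern list are constructed assumptions for illustration.

```python
import html
import re
from urllib.parse import parse_qs, unquote_plus

# Heuristic (assumed) list of markup that has no place in a plain-text reply:
# tags that run or load code, inline event handlers, javascript: URLs.
# Expect some false positives; tune before alerting on it.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*(script|iframe|svg|img|object|embed|style|link|meta)\b"
    r"|\bon[a-z]+\s*="
    r"|javascript\s*:",
    re.IGNORECASE,
)

def normalise(value, rounds=3):
    """Undo repeated URL-encoding and HTML entity encoding until stable."""
    for _ in range(rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value

def flag_reply_text(body):
    """Return decoded reply_text values from a form-encoded body that look like markup."""
    fields = parse_qs(body, keep_blank_values=True)  # first decoding pass
    hits = []
    for raw in fields.get("reply_text", []):
        text = normalise(raw)  # catches double-encoded and entity-encoded input
        if SUSPICIOUS.search(text):
            hits.append(text)
    return hits

# Constructed sample bodies of POST /rpc.php requests (not real traffic).
# "action" is a placeholder field name; only reply_text comes from the advisory.
SAMPLES = [
    "action=reply&reply_text=Thanks%2C+that+fixed+it",
    "action=reply&reply_text=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
    "action=reply&reply_text=%253Cimg+src%253Dx+onerror%253Dalert(1)%253E",
    "action=reply&reply_text=I+wrote+a+script+to+do+this+on+Monday",
]

if __name__ == "__main__":
    for body in SAMPLES:
        hits = flag_reply_text(body)
        print("ALERT" if hits else "ok   ", body, hits)
```

The third sample is double URL-encoded and would pass a literal `<script` or `%3Cscript` match; the fourth shows that the word "script" in ordinary text is not flagged.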

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting or sanitizing user input to the reply_text parameter to prevent injection of malicious scripts.

Since the vulnerability requires authenticated access, ensure that only trusted users can post replies or implement stricter authentication and authorization controls.

Additionally, consider applying input validation and output encoding to neutralize any HTML or JavaScript content submitted.

If available, update Wikidforum to a version that patches this vulnerability or apply any vendor-provided patches.

As a temporary workaround, disable or restrict the rpc.php endpoint if it is not essential.

