CVE-2018-25384
Deferred Deferred - Pending Action

XSS in Wikidforum via Malicious Reply Text

Vulnerability report for CVE-2018-25384, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-29

Last updated on: 2026-06-10

Assigner: VulnCheck

Description

Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can post comments containing JavaScript code through the rpc.php endpoint that executes in other users' browsers when viewing forum replies.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-29
Last Modified
2026-06-10
Generated
2026-07-09
AI Q&A
2026-05-29
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2018-25384 is a cross-site scripting (XSS) vulnerability found in Wikidforum version 2.20. It allows authenticated attackers to inject malicious JavaScript code by submitting specially crafted HTML through the reply_text parameter when posting comments.

This malicious script is then executed in the browsers of other users who view the forum replies, potentially compromising their session or data.

Impact Analysis

This vulnerability can impact users by enabling attackers to execute arbitrary JavaScript in their browsers when they view forum replies. This can lead to session hijacking, theft of sensitive information, or performing actions on behalf of the user without their consent.

Since the attack requires an authenticated user to inject the malicious script, it poses a risk within the user community of the forum.

Detection Guidance

This vulnerability can be detected by monitoring HTTP POST requests to the rpc.php endpoint of the Wikidforum application, specifically looking for the presence of suspicious or crafted HTML/JavaScript code in the reply_text parameter.

A practical approach is to capture and analyze web traffic to identify attempts to inject scripts via the reply_text parameter.

  • Use tools like tcpdump or Wireshark to capture HTTP POST requests to rpc.php.
  • Example tcpdump command to capture HTTP POST requests to rpc.php: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /rpc.php'
  • Use grep or similar tools to search server logs for the reply_text parameter containing suspicious JavaScript or HTML tags.
  • Example grep command on web server logs: grep 'reply_text=.*<script' /path/to/access.log
Mitigation Strategies

Immediate mitigation steps include restricting or sanitizing user input to the reply_text parameter to prevent injection of malicious scripts.

Since the vulnerability requires authenticated access, ensure that only trusted users can post replies or implement stricter authentication and authorization controls.

Additionally, consider applying input validation and output encoding to neutralize any HTML or JavaScript content submitted.

If available, update Wikidforum to a version that patches this vulnerability or apply any vendor-provided patches.

As a temporary workaround, disable or restrict the rpc.php endpoint if it is not essential.

Compliance Impact

The provided information does not specify how the cross-site scripting vulnerability in Wikidforum 2.20 impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25384. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart