Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 10 Jun 2026 01:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV4_0
|
cvssV4_0
|
Thu, 04 Jun 2026 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV4_0
|
cvssV4_0
|
Wed, 03 Jun 2026 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 29 May 2026 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can post comments containing JavaScript code through the rpc.php endpoint that executes in other users' browsers when viewing forum replies. | |
| Title | Wikidforum 2.20 Cross-Site Scripting via reply_text Parameter | |
| First Time appeared |
Wikidforum
Wikidforum wikidforum |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:wikidforum:wikidforum:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Wikidforum
Wikidforum wikidforum |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-11T11:27:29.748Z
Reserved: 2026-05-29T11:12:10.931Z
Link: CVE-2018-25384
Updated: 2026-06-01T13:41:12.501Z
Status : Deferred
Published: 2026-05-29T16:16:17.453
Modified: 2026-06-10T02:16:30.647
Link: CVE-2018-25384
No data.
OpenCVE Enrichment
Updated: 2026-06-10T02:30:05Z