What is GHSA-mrc3-wvpc-wr7p?

GHSA-mrc3-wvpc-wr7p is a security advisory published by GitHub Security Advisories with Medium severity. Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers...

Which CVE IDs does GHSA-mrc3-wvpc-wr7p cover?

GHSA-mrc3-wvpc-wr7p covers the following CVE IDs: CVE-2018-25384. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-mrc3-wvpc-wr7p?

GHSA-mrc3-wvpc-wr7p has a CVSS v3 base score of 5.4, published by GitHub Security Advisories.

GHSA-mrc3-wvpc-wr7pMediumCVSS 5.4

Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers...

Vendor

GitHub Security Advisories

Published

May 29, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2018-25384 →

📋 Description

Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can post comments containing JavaScript code through the rpc.php endpoint that executes in other users' browsers when viewing forum replies.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2018-25384
https://sourceforge.net/projects/wikidforum
https://sourceforge.net/projects/wikidforum/files/Wikidforum-com-ed.2.20.zip/download
https://www.exploit-db.com/exploits/45580
https://www.vulncheck.com/advisories/wikidforum-cross-site-scripting-via-reply-text-parameter
https://github.com/advisories/GHSA-mrc3-wvpc-wr7p