PatchSiren

wikidforum CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM wikidforum CVE published 2026-05-29

CVE-2018-25384

Wikidforum 2.20 contains a cross-site scripting (XSS) vulnerability in the reply_text parameter of the rpc.php endpoint. Authenticated attackers can submit crafted HTML containing JavaScript that executes in other users' browsers when viewing forum replies. The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). The CVSS 4.0 vector indicates network attack [truncated]