CVE-2025-7887

Summary

A vulnerability has been found in Zavy86 WikiDocs up to 1.0.78 and classified as problematic. This vulnerability affects unknown code of the file template.inc.php. The manipulation of the argument path leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
Zavy86WikiDocs1.0.0affected
Zavy86WikiDocs1.0.1affected
Zavy86WikiDocs1.0.2affected
Zavy86WikiDocs1.0.3affected
Zavy86WikiDocs1.0.4affected
Zavy86WikiDocs1.0.5affected
Zavy86WikiDocs1.0.6affected
Zavy86WikiDocs1.0.7affected
Zavy86WikiDocs1.0.8affected
Zavy86WikiDocs1.0.9affected
Zavy86WikiDocs1.0.10affected
Zavy86WikiDocs1.0.11affected
Zavy86WikiDocs1.0.12affected
Zavy86WikiDocs1.0.13affected
Zavy86WikiDocs1.0.14affected
Zavy86WikiDocs1.0.15affected
Zavy86WikiDocs1.0.16affected
Zavy86WikiDocs1.0.17affected
Zavy86WikiDocs1.0.18affected
Zavy86WikiDocs1.0.19affected
Zavy86WikiDocs1.0.20affected
Zavy86WikiDocs1.0.21affected
Zavy86WikiDocs1.0.22affected
Zavy86WikiDocs1.0.23affected
Zavy86WikiDocs1.0.24affected
Zavy86WikiDocs1.0.25affected
Zavy86WikiDocs1.0.26affected
Zavy86WikiDocs1.0.27affected
Zavy86WikiDocs1.0.28affected
Zavy86WikiDocs1.0.29affected
Zavy86WikiDocs1.0.30affected
Zavy86WikiDocs1.0.31affected
Zavy86WikiDocs1.0.32affected
Zavy86WikiDocs1.0.33affected
Zavy86WikiDocs1.0.34affected
Zavy86WikiDocs1.0.35affected
Zavy86WikiDocs1.0.36affected
Zavy86WikiDocs1.0.37affected
Zavy86WikiDocs1.0.38affected
Zavy86WikiDocs1.0.39affected
Zavy86WikiDocs1.0.40affected
Zavy86WikiDocs1.0.41affected
Zavy86WikiDocs1.0.42affected
Zavy86WikiDocs1.0.43affected
Zavy86WikiDocs1.0.44affected
Zavy86WikiDocs1.0.45affected
Zavy86WikiDocs1.0.46affected
Zavy86WikiDocs1.0.47affected
Zavy86WikiDocs1.0.48affected
Zavy86WikiDocs1.0.49affected
Zavy86WikiDocs1.0.50affected
Zavy86WikiDocs1.0.51affected
Zavy86WikiDocs1.0.52affected
Zavy86WikiDocs1.0.53affected
Zavy86WikiDocs1.0.54affected
Zavy86WikiDocs1.0.55affected
Zavy86WikiDocs1.0.56affected
Zavy86WikiDocs1.0.57affected
Zavy86WikiDocs1.0.58affected
Zavy86WikiDocs1.0.59affected
Zavy86WikiDocs1.0.60affected
Zavy86WikiDocs1.0.61affected
Zavy86WikiDocs1.0.62affected
Zavy86WikiDocs1.0.63affected
Zavy86WikiDocs1.0.64affected
Zavy86WikiDocs1.0.65affected
Zavy86WikiDocs1.0.66affected
Zavy86WikiDocs1.0.67affected
Zavy86WikiDocs1.0.68affected
Zavy86WikiDocs1.0.69affected
Zavy86WikiDocs1.0.70affected
Zavy86WikiDocs1.0.71affected
Zavy86WikiDocs1.0.72affected
Zavy86WikiDocs1.0.73affected
Zavy86WikiDocs1.0.74affected
Zavy86WikiDocs1.0.75affected
Zavy86WikiDocs1.0.76affected
Zavy86WikiDocs1.0.77affected
Zavy86WikiDocs1.0.78affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References