An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).
History

Wed, 09 Jul 2025 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Davidstutz
Davidstutz bootstrap Multiselect
CPEs cpe:2.3:a:davidstutz:bootstrap_multiselect:1.1.2:*:*:*:*:*:*:*
Vendors & Products Davidstutz
Davidstutz bootstrap Multiselect

Wed, 14 May 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-352
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 13 May 2025 16:15:00 +0000

Type Values Removed Values Added
Description An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-05-13T00:00:00.000Z

Updated: 2025-05-14T13:41:07.847Z

Reserved: 2025-05-02T00:00:00.000Z

Link: CVE-2025-47204

cve-icon Vulnrichment

Updated: 2025-05-14T13:40:58.998Z

cve-icon NVD

Status : Analyzed

Published: 2025-05-13T16:15:31.890

Modified: 2025-07-09T02:02:56.550

Link: CVE-2025-47204

cve-icon Redhat

No data.