An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).
History
Wed, 09 Jul 2025 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Davidstutz, Davidstutz bootstrap Multiselect | |
CPEs | cpe:2.3:a:davidstutz:bootstrap_multiselect:1.1.2:*:*:*:*:*:*:* | |
Vendors & Products | Davidstutz, Davidstutz bootstrap Multiselect | |
Wed, 14 May 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-352 | |
Metrics | cvssV3_1 | |
Tue, 13 May 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF). | |
References | | |

Status: PUBLISHED
Assigner: mitre
Published: 2025-05-13T00:00:00.000Z
Updated: 2025-05-14T13:41:07.847Z
Reserved: 2025-05-02T00:00:00.000Z
Link: CVE-2025-47204

Updated: 2025-05-14T13:40:58.998Z

Status : Analyzed
Published: 2025-05-13T16:15:31.890
Modified: 2025-07-09T02:02:56.550
Link: CVE-2025-47204
