CVE-2025-47204

Published
View on NVD ↗
CVSS v3
6.1
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS

Description

An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).

projectdiscovery/nuclei-templates
projectdiscovery/nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
GitHubGitHub
12.5K
davidstutz/bootstrap-multiselect
davidstutz/bootstrap-multiselect
JQuery multiselect plugin based on Twitter Bootstrap.
GitHubGitHub
3.68K