davidstutz/bootstrap-multiselect

davidstutz/bootstrap-multiselect

Releases22
Frequency7 months 13 hours
Last Release
Stars3.68K
JQuery multiselect plugin based on Twitter Bootstrap.

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
= 1.1.26.1 MEDIUM

An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).