An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).
References
Configurations
No configuration.
History
14 May 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-352 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
Summary |
|
13 May 2025, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-13 16:15
Updated : 2025-05-14 14:15
NVD link : CVE-2025-47204
Mitre link : CVE-2025-47204
CVE.ORG link : CVE-2025-47204
JSON object : View
Products Affected
No product.
CWE
CWE-352
Cross-Site Request Forgery (CSRF)