CVE-2025-47204

An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).
Configurations

No configuration.

History

14 May 2025, 14:15

Type : CWE
Values Removed : (none)
Values Added : CWE-352

Type : CVSS
Values Removed : v2 : unknown, v3 : unknown
Values Added : v2 : unknown, v3 : 6.1

Type : Summary
Values Removed : (none)
Values Added : (es) An issue was discovered in post.php in bootstrap-multiselect (also known as Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a reflected Cross-Site Scripting (XSS) vulnerability, exploitable through Cross-Site Request Forgery (CSRF).

13 May 2025, 16:15

Type : New CVE

Information

Published : 2025-05-13 16:15

Updated : 2025-05-14 14:15


NVD link : CVE-2025-47204

Mitre link : CVE-2025-47204

CVE.ORG link : CVE-2025-47204



Products Affected

No product.

CWE
CWE-352

Cross-Site Request Forgery (CSRF)