CVE-2025-47204


An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).


Published

2025-05-13T16:15:31.890

Last Modified

2025-07-09T02:02:56.550

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-352

Affected Vendors & Products
Type         Vendor       Product                Version/Range  Vulnerable?
Application  davidstutz   bootstrap_multiselect  1.1.2          Yes