CVE-2025-47204
- Source
- https://cve.org/CVERecord?id=CVE-2025-47204
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47204.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-47204
- Aliases
- Published
- 2025-05-13T16:15:31.890Z
- Modified
- 2026-04-10T05:52:28.871140Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).
- References
Affected packages
Git / github.com/davidstutz/bootstrap-multiselect
Affected ranges
- Type
- GIT
- Repo
- https://github.com/davidstutz/bootstrap-multiselect
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "1.1.2" } ] }
- Type
- GIT
- Repo
- https://github.com/projectdiscovery/nuclei-templates
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.9
v0.9.1
v0.9.10
v0.9.11
v0.9.12
v0.9.13
v0.9.14
v0.9.15
v0.9.16
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.1.8
v1.1.9
v10.*
v10.0.0
v10.0.1
v10.0.2
v10.0.3
v10.0.4
v10.1.0
v10.1.1
v10.1.2
v10.1.3
v10.1.5
v10.1.6
v10.1.7
v10.2.0
v2.*
v2.0.0
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v4.*
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v5.*
v5.0.0
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v6.*
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v7.*
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.9
v7.1.0
v7.1.1
v7.1.2
v7.1.3
v7.1.4
v7.1.5
v7.1.6
v7.1.7
v7.1.8
v7.1.9
v7.2.0
v7.2.1
v7.2.2
v7.2.3
v7.2.4
v7.2.5
v7.2.6
v7.2.7
v7.2.8
v7.2.9
v7.3.0
v7.3.2
v7.3.3
v7.3.4
v7.3.5
v7.3.6
v7.3.7
v7.3.8
v7.3.9
v8.*
v8.0.0
v8.0.1
v8.0.2
v8.0.3
v8.0.4
v8.0.5
v8.0.6
v8.0.7
v8.0.8
v8.0.9
v8.1.0
v8.1.2
v8.1.3
v8.1.4
v8.1.5
v8.1.6
v8.1.7
v8.1.8
v8.1.9
v8.2.0
v8.2.1
v8.2.2
v8.2.3
v8.2.4
v8.2.5
v8.2.6
v8.2.7
v8.2.8
v8.2.9
v8.3.0
v8.3.1
v8.3.2
v8.3.3
v8.3.4
v8.3.5
v8.3.6
v8.3.7
v8.3.8
v8.3.9
v8.4.0
v8.4.1
v8.4.2
v8.4.3
v8.4.4
v8.4.5
v8.4.6
v8.4.7
v8.4.8
v8.4.9
v8.5.0
v8.5.1
v8.5.2
v8.5.3
v8.5.4
v8.5.6
v8.5.7
v8.5.8
v8.5.9
v8.6.0
v8.6.1
v8.6.2
v8.6.3
v8.6.4
v8.6.5
v8.6.6
v8.6.7
v8.6.8
v8.6.9
v8.7.0
v8.7.1
v8.7.2
v8.7.3
v8.7.8
v8.7.9
v8.8.0
v8.8.1
v8.8.2
v8.8.3
v8.8.4
v8.8.5
v8.8.6
v8.8.7
v8.8.8
v8.8.9
v8.9.0
v8.9.1
v8.9.2
v8.9.3
v8.9.4
v8.9.5
v8.9.6
v8.9.7
v8.9.8
v8.9.9
v9.*
v9.0.0
v9.0.1
v9.0.2
v9.0.3
v9.0.4
v9.0.5
v9.0.6
v9.0.7
v9.0.8
v9.0.9
v9.1.0
v9.1.1
v9.1.2
v9.1.3
v9.1.4
v9.1.5
v9.1.6
v9.1.7
v9.1.8
v9.1.9
v9.2.0
v9.2.1
v9.2.2
v9.2.3
v9.2.4
v9.2.5
v9.2.6
v9.2.7
v9.2.8
v9.2.9
v9.3.0
v9.3.1
v9.3.2
v9.3.3
v9.3.4
v9.3.5
v9.3.6
v9.3.7
v9.3.8
v9.3.9
v9.4.0
v9.4.1
v9.4.2
v9.4.3
v9.5.0
v9.5.1
v9.5.4
v9.5.5
v9.5.6
v9.5.7
v9.5.8
v9.6.0
v9.6.1
v9.6.2
v9.6.3
v9.6.4
v9.6.5
v9.6.6
v9.6.7
v9.6.8
v9.6.9
v9.7.0
v9.7.1
v9.7.2
v9.7.3
v9.7.4
v9.7.5
v9.7.6
v9.7.7
v9.7.8
v9.8.0
v9.8.1
v9.8.5
v9.8.6
v9.8.7
v9.8.8
v9.8.9
v9.9.0
v9.9.1
v9.9.2
v9.9.3
v9.9.4