An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a reflected Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).
{ "nvd_published_at": "2025-05-13T16:15:31Z", "github_reviewed_at": "2025-05-15T14:51:25Z", "github_reviewed": true, "severity": "MODERATE", "cwe_ids": [ "CWE-352", "CWE-79" ] }