CVE-2025-47204: An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary...

Description

An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).

Classification

CVE ID: CVE-2025-47204

Affected Products

Vendor: n/a

Product: n/a

Nuclei Template

http/cves/2025/CVE-2025-47204.yaml

Exploit Prediction Scoring System (EPSS)

EPSS Score: 1.01% (probability of being exploited)

EPSS Percentile: 76.07% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-11 (when this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-47204
https://github.com/davidstutz/bootstrap-multiselect/releases
https://github.com/projectdiscovery/nuclei-templates/commit/11e1a6c11d3954f44acfb0274b6dad4bd8045103

Timeline