2341 matches found
Bootstrap Security Vulnerability
Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript by Bootstrap Inc. A security vulnerability exists in Bootstrap versions prior to 3.4.1 through 4.0.0 that stems from improper input neutralization and could lead to a cross-site scripting attack...
PT-2025-21333
Name of the Vulnerable Software and Affected Versions: Bootstrap versions 3.4.1 through 3.4.x Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows attackers to run malicious scripts. A DOM-based XSS...
PT-2025-21431 · WordPress · Twitter Bootstrap Collapse Aka Accordian Shortcode
Name of the Vulnerable Software and Affected Versions: Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin versions 1.0 and earlier Description: The issue concerns the Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin, which does not properly validate and escape...
CVE-2021-26291 affecting package javapackages-bootstrap for versions less than 1.5.0-6
CVE-2021-26291 affecting package javapackages-bootstrap for versions less than 1.5.0-6. A patched version of the package is available...
@dfeidao/fd-w000005 (>=4.6.201905201058 <=4.6.201907081013), @dfeidao/widgets (>=4.5.201903181201 <=4.6.201905131523) +16 more potentially affected by CVE-2025-47204 via bootstrap-multiselect (>=0.9.13-1 <=1.1.2)
bootstrap-multiselect NPM version =0.9.13-1, =4.6.201905201058, =4.5.201903181201, =1.0.0, =3.0.201812052008, =1.0.0, =2.0.0, =0.1.0, =0.0.3, =1.0.7-1, =1.1.4, =1.2.1, =1.2.2, =0.0.2, =1.0.0 and more Source cves: CVE-2025-47204 Source advisory: OSV:GHSA-GV5R-9GXR-V74W...
Bootstrap Multiselect Vulnerable to CSRF and Reflective XSS via Arbitrary POST Data
An issue was discovered in post.php in bootstrap-multiselect aka Bootstrap Multiselect 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability...
Cross-site Scripting (XSS)
Overview org.webjars.bowergithub.davidstutz:bootstrap-multiselect is a jQuery multiselect plugin based on Twitter Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the post.php script. An attacker can execute scripts in the context of the user's brows...
Cross-site Scripting (XSS)
Overview org.webjars.npm:bootstrap-multiselect is a jQuery multiselect plugin based on Twitter Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the post.php script. An attacker can execute scripts in the context of the user's browser session by sendi...
Cross-site Scripting (XSS)
Overview org.webjars.bower:bootstrap-multiselect is a jQuery multiselect plugin based on Twitter Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the post.php script. An attacker can execute scripts in the context of the user's browser session by...
io.quarkus:quarkus-vertx-http-deployment (>=2.13.0.CR1 <=3.3.3) potentially affected by CVE-2025-47204 via org.webjars:bootstrap-multiselect (=0.9.15)
org.webjars:bootstrap-multiselect MAVEN version =0.9.15 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars:bootstrap-multiselect and may be impacted: - io.quarkus:quarkus-vertx-http-deployment =2.13.0.CR1, =3.3.3 Source cves: CVE-2025-47204...
Cross-site Scripting (XSS)
Overview org.webjars:bootstrap-multiselect is a jQuery multiselect plugin based on Twitter Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the post.php script. An attacker can execute scripts in the context of the user's browser session by sending...
CVE-2025-47204
An issue was discovered in post.php in bootstrap-multiselect aka Bootstrap Multiselect 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability...
Bootstrap Security Vulnerability
Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript by Bootstrap Inc. A security vulnerability exists in Bootstrap version 1.1.2, which originates from the post.php file in the code that echoes arbitrary POST data, which could lead to reflective cross-site...
PT-2025-20925 · Unknown · Bootstrap-Multiselect
Name of the Vulnerable Software and Affected Versions: bootstrap-multiselect version 1.1.2 Description: An issue was discovered in post.php, where a PHP script echoes arbitrary POST data. This could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request...
CVE-2025-47204
Bootstrap Multiselect
CVE-2025-20155
A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient input validation of the bootstrap file that is read by the system software when a device is firs...