Bootstrap Multiselect <= 1.1.2 - Cross-Site Scripting

A PHP script in the source code release echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting XSS vulnerability exploitable through Cross-Site Request Forgery CSRF. id: CVE-2025-47204 info: name: Bootstr...

EUVD-2025-14385

Malicious code in bioql PyPI...

VulnCheck KEV: CVE-2025-47204

An issue was discovered in post.php in bootstrap-multiselect aka Bootstrap Multiselect 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting XSS vulnerability...

Cross-Site Scripting

Bootstrap Multiselect is vulnerable to Reflective Cross-Site Scripting XSS. The vulnerability is due to unsanitized output of POST data in a PHP script, which allows attackers to execute arbitrary JavaScript in the context of a victim's browser through Cross-Site Request Forgery CSRF...

CVE-2025-47204

An issue was discovered in post.php in bootstrap-multiselect aka Bootstrap Multiselect 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting XSS vulnerability...

@dfeidao/fd-w000005 (>=4.6.201905201058 <=4.6.201907081013), @dfeidao/widgets (>=4.5.201903181201 <=4.6.201905131523) +16 more potentially affected by CVE-2025-47204 via bootstrap-multiselect (>=0.9.13-1 <=1.1.2)

bootstrap-multiselect NPM version =0.9.13-1, =4.6.201905201058, =4.5.201903181201, =1.0.0, =3.0.201812052008, =1.0.0, =2.0.0, =0.1.0, =0.0.3, =1.0.7-1, =1.1.4, =1.2.1, =1.2.2, =0.0.2, =1.0.0 and more Source cves: CVE-2025-47204 Source advisory: OSV:GHSA-GV5R-9GXR-V74W...

Bootstrap Multiselect Vulnerable to CSRF and Reflective XSS via Arbitrary POST Data

An issue was discovered in post.php in bootstrap-multiselect aka Bootstrap Multiselect 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting XSS vulnerability...

Cross-site Scripting (XSS)

Overview org.webjars.npm:bootstrap-multiselect is a JQuery multiselect plugin based on Twitter Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the post.php script. An attacker can execute scripts in the context of the user's browser session by sendi...

Cross-site Scripting (XSS)

Overview org.webjars.bowergithub.davidstutz:bootstrap-multiselect is a JQuery multiselect plugin based on Twitter Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the post.php script. An attacker can execute scripts in the context of the user's brows...

Cross-site Scripting (XSS)

Overview org.webjars.bower:bootstrap-multiselect is a JQuery multiselect plugin based on Twitter Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the post.php script. An attacker can execute scripts in the context of the user's browser session by...

io.quarkus:quarkus-vertx-http-deployment (>=2.13.0.CR1 <=3.3.3) potentially affected by CVE-2025-47204 via org.webjars:bootstrap-multiselect (=0.9.15)

org.webjars:bootstrap-multiselect MAVEN version =0.9.15 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars:bootstrap-multiselect and may be impacted: - io.quarkus:quarkus-vertx-http-deployment =2.13.0.CR1, =3.3.3 Source cves: CVE-2025-47204...

Cross-site Scripting (XSS)

Overview org.webjars:bootstrap-multiselect is a JQuery multiselect plugin based on Twitter Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the post.php script. An attacker can execute scripts in the context of the user's browser session by sending...

CVE-2025-47204

An issue was discovered in post.php in bootstrap-multiselect aka Bootstrap Multiselect 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting XSS vulnerability...

CVE-2025-47204

An issue was discovered in post.php in bootstrap-multiselect aka Bootstrap Multiselect 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting XSS vulnerability...

CVE-2025-47204

Bootstrap Multiselect

CVE-2025-47204

An issue was discovered in post.php in bootstrap-multiselect aka Bootstrap Multiselect 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting XSS vulnerability...

PT-2025-20925 · Unknown · Bootstrap-Multiselect

Name of the Vulnerable Software and Affected Versions: bootstrap-multiselect version 1.1.2 Description: An issue was discovered in post.php, where a PHP script echoes arbitrary POST data. This could create a Reflective Cross-Site Scripting XSS vulnerability exploitable through Cross-Site Request...

CVE-2025-47204

An issue was discovered in post.php in bootstrap-multiselect aka Bootstrap Multiselect 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting XSS vulnerability...