@dfeidao/fd-w000005 (>=4.6.201905201058 <=4.6.201907081013), @dfeidao/widgets (>=4.5.201903181201 <=4.6.201905131523) +16 more potentially affected by CVE-2025-47204 via bootstrap-multiselect (>=0.9.13-1 <=1.1.2)

bootstrap-multiselect NPM version =0.9.13-1, =4.6.201905201058, =4.5.201903181201, =1.0.0, =3.0.201812052008, =1.0.0, =2.0.0, =0.1.0, =0.0.3, =1.0.7-1, =1.1.4, =1.2.1, =1.2.2, =0.0.2, =1.0.0 and more Source cves: CVE-2025-47204 Source advisory: OSV:GHSA-GV5R-9GXR-V74W...

PT-2025-20925 · Unknown · Bootstrap-Multiselect

Name of the Vulnerable Software and Affected Versions: bootstrap-multiselect version 1.1.2 Description: An issue was discovered in post.php, where a PHP script echoes arbitrary POST data. This could create a Reflective Cross-Site Scripting XSS vulnerability exploitable through Cross-Site Request...