72 matches found
CVE-2025-47204
An issue was discovered in post.php in bootstrap-multiselect aka Bootstrap Multiselect 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting XSS vulnerability...
PT-2025-20925 · Unknown · Bootstrap-Multiselect
Name of the Vulnerable Software and Affected Versions: bootstrap-multiselect version 1.1.2 Description: An issue was discovered in post.php, where a PHP script echoes arbitrary POST data. This could create a Reflective Cross-Site Scripting XSS vulnerability exploitable through Cross-Site Request...
CVE-2025-47204
An issue was discovered in post.php in bootstrap-multiselect aka Bootstrap Multiselect 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting XSS vulnerability...
CVE-2025-47204
Bootstrap Multiselect
CVE-2022-39322
@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...
PT-2024-17174 · Enms · Enms
Name of the Vulnerable Software and Affected Versions: eNMS versions up to 4.2 Description: A critical issue has been found in the function multiselect filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched...
PT-2024-40445 · Silverstripe · Silverstripe Cms
Name of the Vulnerable Software and Affected Versions: Silverstripe CMS affected versions not specified Description: A cross-site scripting issue has been found in the TreeDropdownField and TreeMultiSelectField. This can be exploited if a user with CMS access posts malicious or unescaped HTML int...
Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()
Summary User input passed directly into an SQL statement allows non-admin backend users to execute arbitrary SQL statements. Details The /admin/object/grid-proxy endpoint calls getFilterCondition on fields of classes to be filtered for at...
GHSA-72HH-XF79-429P Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()
Summary User input passed directly into an SQL statement allows non-admin backend users to execute arbitrary SQL statements. Details The /admin/object/grid-proxy endpoint calls getFilterCondition on fields of classes to be filtered for at...
Pimcore SQL Injection Vulnerability
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce framework and product information management applications. A security vulnerability exists in Pimcore...
SUSE CVE-2019-19926
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880...
CVE-2022-39322
@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...
CVE-2022-39322 @keystone-6/core vulnerable to field-level access-control bypass for multiselect field
@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...
CVE-2022-39322
The CVE-2022-39322 entry affects the Keystone 6 ecosystem: @keystone-6/core prior to version 2.3.1, specifically 2.2.0 up to 2.3.0, is vulnerable to a field-level access-control bypass for multiselect fields. The vulnerability arises because field-level access control is not applied to multiselec...
CVE-2022-39322 @keystone-6/core vulnerable to field-level access-control bypass for multiselect field
@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...
CVE-2022-39322 @keystone-6/core vulnerable to field-level access-control bypass for multiselect field
@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...
Field-level access-control bypass for multiselect field
Impact @keystone-6/[email protected] || 2.3.0 users who are using the multiselect field, and provided field-level access control - are vulnerable to their field-level access control not being used. List-level access control is NOT affected. Field-level access control for fields other than multiselect ar...
GHSA-6MHR-52MV-6V6F Field-level access-control bypass for multiselect field
Impact @keystone-6/[email protected] || 2.3.0 users who are using the multiselect field, and provided field-level access control - are vulnerable to their field-level access control not being used. List-level access control is NOT affected. Field-level access control for fields other than multiselect ar...
PT-2022-24899 · Unknown · @Keystone-6/Core
Name of the Vulnerable Software and Affected Versions: @keystone-6/core versions 2.2.0 through 2.3.0 Description: The issue affects users of the multiselect field in @keystone-6/core who have configured field-level access control. The field-level access control is not being used, making the data...
CVE-2022-36037
kirby is a content management system CMS that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting XSS is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...