Medium severity 6.1 · NVD Advisory · Published May 13, 2025 · Updated Jun 17, 2026
CVE-2025-47204
Description
An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| bootstrap-multiselect (npm) | < 2.0.0 | 2.0.0 |
References (7)
- github.com/projectdiscovery/nuclei-templates/commit/11e1a6c11d3954f44acfb0274b6dad4bd8045103 (nvd; Patch; WEB)
- github.com/advisories/GHSA-gv5r-9gxr-v74w (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-47204 (ghsa; ADVISORY)
- github.com/davidstutz/bootstrap-multiselect/commit/7da45ded9c82837a8eae9cb9dd3bd32a3dd1dc45 (ghsa; WEB)
- github.com/davidstutz/bootstrap-multiselect/issues/1286 (ghsa; WEB)
- github.com/davidstutz/bootstrap-multiselect/pull/1287 (ghsa; WEB)
- github.com/davidstutz/bootstrap-multiselect/releases (nvd; Release Notes; WEB)