Bootstrap Multiselect <= 1.1.2 - Cross-Site Scripting CVE-2025-47204
- Severity
- Vulnerability description
A PHP script in the source code release echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).
- Risk description
Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
- Recommendation
Only use the necessary components (css/js) in production applications
- Codename
- Not available
- Detectable with
- Network Scanner
- Scan engine
- Nuclei
- Exploitable with Sniper
- No
- CVE Published
- Not available
- Detection added at
- Software Type
- Not available
- Vendor
- Not available
- Product
- Not available
Detect this vulnerability now!
Check your clients' targets (or your own) for this vulnerability and thousands more! Get proof for validation with our ethical hacking toolkit.