Vulnerability Details CVE-2025-47204
An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.7%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2025-47204
-
cpe:2.3:a:davidstutz:bootstrap_multiselect:1.1.2