CVE-2025-47204
published 2025-05-13


Priority: P278 (medium)
CVSS 3.1: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
VulnCheck KEV: exploited in the wild
EPSS: 0.40% (32.2nd percentile)
An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).

Affected

1 range
Vendor: davidstutz
Product: bootstrap_multiselect
Version range: not listed
Fixed in: not listed

Detection & IOCs (extracted from sources)

Path: post.php
Command: alert(document.domain)
sigma
matchers:
- type: dsl
  dsl:
  - 'contains(content_type, "text/html")'
  - 'contains_all(body, "alert(document.domain)", "bootstrap-multiselect-master")'
  condition: and
• Look for HTTP responses with Content-Type 'text/html' that contain both 'alert(document.domain)' and 'bootstrap-multiselect-master' in the body, indicating reflected XSS via post.php.
• The vulnerable script post.php echoes arbitrary POST data back to the client; monitor POST requests to post.php in bootstrap-multiselect deployments for unsanitized reflected output.
• This vulnerability is only exploitable if a developer has deployed the example post.php script from the bootstrap-multiselect source in a live/production application; it is not present in the library itself by default.

CVSS provenance

NVD: v3.1, 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
VulnCheck: 6.1 MEDIUM