CVE-2025-47204

Name of the Vulnerable Software and Affected Versions: bootstrap-multiselect version 1.1.2

Description: An issue was discovered in post.php, where a PHP script echoes arbitrary POST data. This could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF) if a developer adopts this structure in a live application.

Recommendations: For version 1.1.2, consider modifying the post.php script to validate and sanitize POST data to prevent echoing arbitrary input, thus mitigating the risk of Reflective Cross-Site Scripting (XSS) exploitation. As a temporary workaround, consider restricting access to the post.php script until a proper fix is implemented.