Описание
An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:davidstutz:bootstrap_multiselect:1.1.2:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00762
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 6.1
github
9 месяцев назад
Bootstrap Multiselect Vulnerable to CSRF and Reflective XSS via Arbitrary POST Data
EPSS
Процентиль: 73%
0.00762
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-352