CVE-2025-47204 PoC — Bootstrap 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-47204.yaml

Associated Vulnerability

Title:Bootstrap 安全漏洞 (CVE-2025-47204)
Description:Bootstrap是Bootstrap公司的一款使用HTML、CSS和JavaScript开发的开源Web前端框架。 Bootstrap 1.1.2版本存在安全漏洞，该漏洞源于源代码中post.php文件回显任意POST数据，可能导致反射型跨站脚本攻击和跨站请求伪造攻击。

Description

A PHP script in the source code release echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).

File Snapshot


 id: CVE-2025-47204

info:
  name: Bootstrap Multiselect <= 1.1.2 - Cross-Site Scripting
  author: r3

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!