11 matches found
EUVD-2025-13371
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
mobsf is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization during SVG file handling in the Android APK analysis workflow, which allows malicious scripts to be embedded in the SVG files...
CVE-2025-46335
Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of...
CVE-2025-46335
Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of...
CVE-2025-46335
The CVE-2025-46335 entry concerns Mobile Security Framework (MobSF) and describes a Stored Cross-Site Scripting (XSS) vulnerability in MobSF versions up to 4.3.2, arising from improper sanitization of user-supplied SVG files during the Android APK analysis workflow. Affected component: MobSF Andr...
CVE-2025-46335 Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload
Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of...
CVE-2025-46335 Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload
Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of...
GHSA-MWFG-948F-2CC5 Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload
Vulnerable MobSF Versions: .svg This file becomes publicly accessible via the web interface at: http://127.0.0.1:8081/download/filename.svg If the SVG contains embedded JavaScript e.g., an XSS payload, accessing this URL via a browser leads to the execution of the script in the context of the Mob...
Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload
Vulnerable MobSF Versions: .svg This file becomes publicly accessible via the web interface at: http://127.0.0.1:8081/download/filename.svg If the SVG contains embedded JavaScript e.g., an XSS payload, accessing this URL via a browser leads to the execution of the script in the context of the Mob...
Cross-site Scripting (XSS)
Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Cross-site...
PT-2025-19768 · Mobsf +1 · Mobsf +1
Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions up to and including 4.3.2 Description: A Stored Cross-Site Scripting XSS issue has been identified in MobSF. The issue arises from improper sanitization of user-supplied SVG files during the Android AP...