Lucene search
K

99 matches found

Cvelist
Cvelist
added 2025/05/05 6:23 p.m.20 views

CVE-2025-46335 Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of...

8.6CVSS0.00251EPSS
Exploits1References2
OSV
OSV
added 2025/05/05 2:55 p.m.31 views

GHSA-MWFG-948F-2CC5 Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload

Vulnerable MobSF Versions: .svg This file becomes publicly accessible via the web interface at: http://127.0.0.1:8081/download/filename.svg If the SVG contains embedded JavaScript e.g., an XSS payload, accessing this URL via a browser leads to the execution of the script in the context of the Mob...

6.9CVSS4.9AI score0.00251EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/05/05 2:55 p.m.14 views

Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload

Vulnerable MobSF Versions: .svg This file becomes publicly accessible via the web interface at: http://127.0.0.1:8081/download/filename.svg If the SVG contains embedded JavaScript e.g., an XSS payload, accessing this URL via a browser leads to the execution of the script in the context of the Mob...

8.6CVSS5AI score0.00251EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/05 12:0 a.m.6 views

PT-2025-19792

Name of the Vulnerable Software and Affected Versions MobSF versions up to and including 4.3.2 Description MobSF is a mobile application security testing tool used by security teams across numerous organizations, typically deployed on centralized internal or cloud-based servers. The tool provides...

6.8CVSS5.9AI score0.00411EPSS
Exploits1References13
Veracode
Veracode
added 2025/04/09 4:26 a.m.12 views

Server Side Request Forgery (SSRF)

mobsf is vulnerable to Server Side Request Forgery SSRF Abuse. The vulnerability is due to socket.gethostbyname not properly handling DNS rebinding, allows attackers to exploit DNS resolutions and make requests to internal services...

9.8CVSS6.7AI score0.00446EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/03/31 5:23 p.m.9 views

GHSA-FCFQ-M8P6-GW56 Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding

Summary The latest deployed fix for the SSRF vulnerability is through the use of the call validhost. The code available at lines /ae34f7c055aa64fca58e995b70bc7f19da6ca33a/mobsf/MobSF/utils.pyL907-L957 is vulnerable to SSRF abuse using DNS rebinding technique. PoC The following proof of concept:...

4.4CVSS6.9AI score0.00446EPSS
Exploits1References5
Veracode
Veracode
added 2025/02/07 2:32 a.m.8 views

Improper Input Validation

mobsf is vulnerable to Improper Input Validation. The vulnerability is due to the application's failure to enforce strict validation on the CFBundleIdentifier value, allowing attackers to insert special characters that trigger parsing errors and result in a Denial of Service DoS condition...

4.8CVSS6.7AI score0.00448EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/02/05 9:14 p.m.39 views

MobSF Local Privilege Escalation

Product: Mobile Security Framework MobSF Version: 4.3.0 CWE-ID: CWE-269: Improper Privilege Management CVSS vector v.4.0: 7.1 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N CVSS vector v.3.1: 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Description: MobSF has a functionality of dividing users ...

8.5CVSS7.1AI score0.00348EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2025/02/05 9:14 p.m.3 views

Improper Privilege Management

Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Improper...

8.7CVSS6.6AI score0.00348EPSS
Exploits1References2
OSV
OSV
added 2025/02/05 9:9 p.m.6 views

GHSA-JRM8-XGF3-FWQR MobSF Partial Denial of Service (DoS)

Partial Denial of Service DoS Product: MobSF Version: v4.2.9 CWE-ID: CWE-1287: Improper Validation of Specified Type of Input CVSS vector v.4.0: 6.9 AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS vector v.3.1: 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Description: DoS in the Scans...

7.1CVSS5.9AI score0.00448EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2025/02/05 9:9 p.m.15 views

MobSF Partial Denial of Service (DoS)

Partial Denial of Service DoS Product: MobSF Version: v4.2.9 CWE-ID: CWE-1287: Improper Validation of Specified Type of Input CVSS vector v.4.0: 6.9 AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS vector v.3.1: 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Description: DoS in the Scans...

4.8CVSS5.9AI score0.00448EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/02/05 8:56 p.m.14 views

MobSF Stored Cross-Site Scripting (XSS)

Product: MobSF Version: CFBundleIdentifier value. In the dynamicanalysis.html file you do not sanitize...

8.4CVSS4.9AI score0.00373EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2025/02/05 8:56 p.m.1 views

Cross-site Scripting (XSS)

Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Cross-site...

8.4CVSS5.3AI score0.00373EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/02/05 6:41 p.m.16 views

CVE-2025-24804 Partial Denial of Service (DoS) in MobSF

Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric characters A–Z, a–z, and 0–9, hyphens -, and...

4.8CVSS0.00448EPSS
Exploits1References3
CVE
CVE
added 2025/02/05 6:41 p.m.78 views

CVE-2025-24804

CVE-2025-24804 affects MobSF (Mobile Security Framework). A flaw in the Info.plist CFBundleIdentifier parsing allows an attacker to inject special characters into the bundle ID, causing the application to fail to render content and throw a 500 error (DoS-like unavailability). The vulnerability is...

4.8CVSS6.5AI score0.00448EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/02/05 6:41 p.m.24 views

CVE-2025-24805 Local Privilege Escalation in MobSF

Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted...

8.5CVSS0.00348EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/02/05 6:41 p.m.9 views

CVE-2025-24805 Local Privilege Escalation in MobSF

Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted...

8.5CVSS6.3AI score0.00348EPSS
Exploits1References2
Snyk
Snyk
added 2024/12/03 6:45 p.m.2 views

Cross-site Scripting (XSS)

Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Cross-site...

8.1CVSS5.5AI score0.00508EPSS
Exploits1References2
NVD
NVD
added 2024/12/03 4:15 p.m.36 views

CVE-2024-54000

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allowredirects=True, which allows a server-side reque...

7.5CVSS0.00407EPSS
Exploits0References2
NVD
NVD
added 2024/12/03 4:15 p.m.46 views

CVE-2024-53999

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

8.1CVSS0.00508EPSS
Exploits1References2
Rows per page
Query Builder