Lucene search

722 matches found

RedhatCVE
added 2025/02/05 8:7 a.m. · 4 views

CVE-2024-29190

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...

7.5 CVSS · 7.3 AI score · 0.00591 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 4:8 a.m. · 4 views

CVE-2024-54000

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allow_redirects=True, which allows a server-side reque...

7.5 CVSS · 7.5 AI score · 0.00591 EPSS
Exploits: 1 · References: 1

CNNVD
added 2025/02/05 12:0 a.m. · 2 views

Mobile Security Framework Security Vulnerability

Mobile Security Framework (MobSF) is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...

8.5 CVSS · 6.3 AI score · 0.00205 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2025/02/05 12:0 a.m. · 3 views

PT-2025-5746 · Unknown · Mobile Security Framework

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework (MobSF) versions prior to 4.3.1

Description: The issue arises when an attacker manually modifies the CFBundleIdentifier value in the Info.plist file by adding special characters, which are not allowed according to...

4.8 CVSS · 6.6 AI score · 0.00149 EPSS
Exploits: 1 · References: 12

CNNVD
added 2025/02/05 12:0 a.m. · 2 views

Mobile Security Framework Cross-Site Scripting Vulnerability

Mobile Security Framework (MobSF) is an automated all-in-one mobile application from Mobile Security Framework open source. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. Mobile Security Framework (MobSF) suffers...

8.4 CVSS · 5.7 AI score · 0.00514 EPSS
Exploits: 1 · References: 3

CNNVD
added 2025/02/05 12:0 a.m. · 2 views

Mobile Security Framework Security Vulnerability

Mobile Security Framework (MobSF) is an automated all-in-one mobile application open-sourced by Mobile Security Framework. It is used for penetration testing, malware analysis, and security assessments, and is capable of performing both static and dynamic analysis. A security vulnerability exists i...

4.8 CVSS · 6.4 AI score · 0.00149 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2025/02/05 12:0 a.m. · 4 views

PT-2025-5745

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework (MobSF) versions prior to 4.3.1

Description: The issue concerns a stored cross-site scripting (XSS) vulnerability in the iOS Dynamic Analyzer functionality of the Mobile Security Framework (MobSF). According to Apple's...

8.5 CVSS · 5.6 AI score · 0.00514 EPSS
Exploits: 1 · References: 14

Positive Technologies
added 2025/02/05 12:0 a.m. · 2 views

PT-2025-5747 · Unknown · Mobile Security Framework

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework (MobSF) versions prior to 4.3.1

Description: The issue allows a local user with minimal privileges to use an access token for materials for scopes which it should not be accepted. This is due to improper privilege...

8.5 CVSS · 6.8 AI score · 0.00205 EPSS
Exploits: 1 · References: 11

RedhatCVE
added 2025/02/04 10:24 p.m. · 4 views

CVE-2024-53999

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

8.1 CVSS · 6 AI score · 0.0193 EPSS
Exploits: 1 · References: 1

Packet Storm
added 2025/01/12 12:0 a.m. · 121 views

CISA: International Chemical Security Framework

7.4 AI score
Exploits: 0

Veracode
added 2024/12/16 3:21 p.m. · 8 views

Server-Side Request Forgery (SSRF)

Mobile Security Framework (MobSF) is vulnerable to a Server-Side Request Forgery (SSRF). The vulnerability is due to improper handling of HTTP redirects in the checkurl method, where the requests.get function is configured with allow_redirects=True. This allows an SSRF when a request to...

7.5 CVSS · 6.8 AI score · 0.00232 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

Veracode
added 2024/12/11 6:34 a.m. · 6 views

Cross-site Scripting (XSS)

Mobile Security Framework (MobSF) is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of filenames, allowing malicious users to upload script files that can execute when the "Diff or Compare" functionality is used...

8.1 CVSS · 6.3 AI score · 0.0193 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Ubuntu
added 2024/12/05 2:7 p.m. · 14 views

USN-7139-1: Apache Shiro vulnerability

It was discovered that Apache Shiro used a static cipher within the "Remember Me" feature inside authentication by default. An attacker could possibly use this issue to achieve remote code execution or obtain sensitive information...

9.8 CVSS · 8.6 AI score · 0.94251 EPSS
Exploits: 9

OSV
added 2024/12/03 6:45 p.m. · 13 views

GHSA-5JC6-H9W7-JM3P Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Summary: The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerabilit...

6.2 CVSS · 5.2 AI score · 0.0193 EPSS
Exploits: 1 · References: 4

Github Security Blog
added 2024/12/03 6:45 p.m. · 20 views

Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Summary: The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerabilit...

8.1 CVSS · 5.2 AI score · 0.0193 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

PyPA
added 2024/12/03 4:15 p.m. · 7 views

PYSEC-2024-256

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allow_redirects=True, which allows a server-side reque...

7.5 CVSS · 6.8 AI score · 0.00591 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Snyk
added 2024/12/03 4:15 p.m. · 2 views

Server-side Request Forgery (SSRF)

Overview: mobsf is a Mobile Security Framework (MobSF), an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Server-side...

9.3 CVSS · 6.9 AI score · 0.00591 EPSS
Exploits: 1 · References: 3

OSV
added 2024/12/03 4:15 p.m. · 3 views

PYSEC-2024-256

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allow_redirects=True, which allows a server-side reque...

7.5 CVSS · 7.1 AI score · 0.00232 EPSS
Exploits: 0 · References: 2

OSV
added 2024/12/03 3:39 p.m. · 5 views

CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

8.1 CVSS · 5.5 AI score · 0.0193 EPSS
Exploits: 1 · References: 4

Cvelist
added 2024/12/03 3:39 p.m. · 17 views

CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

8.1 CVSS · 0.0193 EPSS
Exploits: 1 · References: 2