Описание
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerability. This vulnerability is fixed in 4.2.9.
Уязвимые конфигурации
Конфигурация 1Версия до 4.2.9 (исключая)
cpe:2.3:a:opensecurity:mobile_security_framework:*:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01429
Низкий
8.1 High
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
около 1 года назад
Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
EPSS
Процентиль: 80%
0.01429
Низкий
8.1 High
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79