Описание
MobSF is a mobile application security testing tool used. Prior to version 4.4.5, a Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The android:host attribute from <data android:scheme="android_secret_code"> elements is rendered in HTML reports without sanitization, enabling session hijacking and account takeover. Version 4.4.5 fixes the issue.
EPSS
Процентиль: 1%
0.00009
Низкий
8.1 High
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 8.1
github
12 дней назад
MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field
EPSS
Процентиль: 1%
0.00009
Низкий
8.1 High
CVSS3
Дефекты
CWE-79