Safety vulnerability ID: 74420
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of MobSF before 4.2.9 are vulnerable to Cross-Site Scripting (CWE-79). This allows attackers to execute arbitrary JavaScript in users' browsers, potentially leading to session hijacking or data theft. The vulnerability is triggered by uploading files with malicious JavaScript in their filenames, which are then rendered unsanitized in the diff comparison dialog. The vulnerable code exists in recent.html, where diff_first_name and diff_second_name are interpolated directly into the markup. Exploitation requires an attacker to upload a file and a victim to view the diff comparison. Users should upgrade to version 4.2.9, which implements proper HTML escaping via an escapeHtml() function.
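The following is an added example, not MobSF's own code, contrasting the unsanitized interpolation described above with the escaped form. The escapeHtml() body is an assumed minimal implementation (the page only names the function), and the filenames are constructed sample inputs.

```javascript
// Added example (not MobSF's code): user-controlled filenames interpolated
// into dialog markup, first unsanitized, then escaped.

// Minimal HTML escaper. The name mirrors the fix described on the page,
// but this body is an assumption, not MobSF's implementation.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: filenames dropped straight into the template string,
// so any markup in a filename becomes live HTML in the viewer's browser.
function renderDiffDialogUnsafe(diff_first_name, diff_second_name) {
  return `<p>Comparing <b>${diff_first_name}</b> with <b>${diff_second_name}</b></p>`;
}

// Hardened pattern: every untrusted value is escaped before interpolation,
// so the filename is displayed as text rather than parsed as markup.
function renderDiffDialogSafe(diff_first_name, diff_second_name) {
  return `<p>Comparing <b>${escapeHtml(diff_first_name)}</b> with <b>${escapeHtml(diff_second_name)}</b></p>`;
}

// Review/detection helper: report any HTML tag in the rendered output that
// did not come from the template itself (p and b are the only legitimate ones).
function containsInjectedTag(html) {
  const templateTags = new Set(["p", "/p", "b", "/b"]);
  const tags = [...html.matchAll(/<(\/?[a-zA-Z][\w-]*)/g)].map((m) => m[1].toLowerCase());
  return tags.some((t) => !templateTags.has(t));
}

// Constructed sample filenames: the second carries markup in its name.
const SAMPLE_FIRST = "benign-1.0.apk";
const SAMPLE_SECOND = "update<script>alert(1)</script>.apk";

console.log(containsInjectedTag(renderDiffDialogUnsafe(SAMPLE_FIRST, SAMPLE_SECOND))); // true
console.log(containsInjectedTag(renderDiffDialogSafe(SAMPLE_FIRST, SAMPLE_SECOND)));   // false
```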
Latest version: 4.3.2
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.