CVE-2024-53999
CVSS 3.1 Score 8.1 of 10 (high)
Details
Published Dec 3, 2024
CWE ID 79
Summary
CVE-2024-53999 is a stored cross-site scripting (XSS) vulnerability affecting the Mobile Security Framework (MobSF), a framework used for pen-testing, malware analysis, and security assessments. MobSF permits users to submit files for analysis, including files whose names contain scripts, so a malicious user can upload a malicious script file. The vulnerability is triggered when users use the "Diff or Compare" functionality, resulting in the injection of malicious scripts into the system. The vulnerability has been fixed in MobSF version 4.2.9.
Affected Products
- Mobile Security Framework
Affected Vendors
- Open Security, Inc.