CVE-2024-53999

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerability. This vulnerability is fixed in 4.2.9.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.7 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/27d165872847f5ae7417caf09f37edeeba741e1e	Patch
https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-5jc6-h9w7-jm3p	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:opensecurity:mobile_security_framework:*:*:*:*:*:*:*:*

History

27 Jun 2025, 15:16

Type	Values Removed	Values Added
CPE		cpe:2.3:a:opensecurity:mobile_security_framework::::::::
First Time		Opensecurity mobile Security Framework Opensecurity
References	~~() https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/27d165872847f5ae7417caf09f37edeeba741e1e -~~	() https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/27d165872847f5ae7417caf09f37edeeba741e1e - Patch
References	~~() https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-5jc6-h9w7-jm3p -~~	() https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-5jc6-h9w7-jm3p - Exploit, Vendor Advisory

03 Dec 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-03 16:15

Updated : 2025-06-27 15:16

NVD link : CVE-2024-53999

Mitre link : CVE-2024-53999

CVE.ORG link : CVE-2024-53999

JSON object : View

Products Affected

opensecurity

mobile_security_framework

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2024-53999", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2024-12-03T16:15:24.250", "references": [{"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/27d165872847f5ae7417caf09f37edeeba741e1e", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-5jc6-h9w7-jm3p", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the \"Diff or Compare\" functionality, they are affected by a Stored Cross-Site Scripting vulnerability. This vulnerability is fixed in 4.2.9."}, {"lang": "es", "value": "Mobile Security Framework (MobSF) es un framework de evaluaci\u00f3n de seguridad, an\u00e1lisis de malware y pruebas de penetraci\u00f3n capaz de realizar an\u00e1lisis est\u00e1ticos y din\u00e1micos. La aplicaci\u00f3n permite a los usuarios cargar archivos con scripts en el par\u00e1metro filename. Como resultado, un usuario malintencionado puede cargar un archivo de script al sistema. Cuando los usuarios de la aplicaci\u00f3n utilizan la funci\u00f3n \"Diff or Compare\", se ven afectados por una vulnerabilidad de Cross-Site Scripting almacenado. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 4.2.9."}], "lastModified": "2025-06-27T15:16:59.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opensecurity:mobile_security_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15AD1EE4-6E96-4728-8F26-E86D6DB71E34", "versionEndExcluding": "4.2.9"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}