漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
Vulnerability Description
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerability. This vulnerability is fixed in 4.2.9.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Mobile Security Framework 安全漏洞
Vulnerability Description
Mobile Security Framework(MobSF)是Mobile Security Framework开源的一种自动化的一体化移动应用程序。用于渗透测试、恶意软件分析和安全评估,能够执行静态和动态分析。 Mobile Security Framework存在安全漏洞,该漏洞源于允许上传文件名参数中带有脚本的文件。
CVSS Information
N/A
Vulnerability Type
N/A