{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T10:18:24.867","vulnerabilities":[{"cve":{"id":"CVE-2024-53999","sourceIdentifier":"security-advisories@github.com","published":"2024-12-03T16:15:24.250","lastModified":"2025-06-27T15:16:59.273","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the \"Diff or Compare\" functionality, they are affected by a Stored Cross-Site Scripting vulnerability. This vulnerability is fixed in 4.2.9."},{"lang":"es","value":"Mobile Security Framework (MobSF) es un framework de evaluación de seguridad, análisis de malware y pruebas de penetración capaz de realizar análisis estáticos y dinámicos. La aplicación permite a los usuarios cargar archivos con scripts en el parámetro filename. Como resultado, un usuario malintencionado puede cargar un archivo de script al sistema. Cuando los usuarios de la aplicación utilizan la función \"Diff or Compare\", se ven afectados por una vulnerabilidad de Cross-Site Scripting almacenado. Esta vulnerabilidad se solucionó en la versión 4.2.9."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opensecurity:mobile_security_framework:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.9","matchCriteriaId":"15AD1EE4-6E96-4728-8F26-E86D6DB71E34"}]}]}],"references":[{"url":"https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/27d165872847f5ae7417caf09f37edeeba741e1e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-5jc6-h9w7-jm3p","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}