MobSF has Stored XSS via Manifest Analysis

Print RSS

REHAN 17.02.2026 / 00:56 Author
Boss

MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field

A Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The android:host attribute from <data android:scheme="android_secret_code"> elements is rendered in HTML reports without sanitization, enabling session hijacking and account takeover.

https://github.com/advisories/GHSA-8hf7-h89p-3pqj

⚠️ WARNING: LEGAL DISCLAIMER

This tool is intended for educational purposes only. The author is not responsible for any illegal use of this tool. Users aresolely responsible for their actions.

#kalilinux #kalilinuxtools #informationsecurity #ethicalhacker #pentesting #Ubuntu #bugbounty #github #githubuniverse #hacking #hacking_or_secutiy #WebPentest #webpentest #decryption #ddosattak #networkattacktool #networkattack #WhatWeb #metasploit #nmap #burpsuite #bruteforce #informationgathering #hackingtools #vulnerability #sysalbania #cybersecurity #bugs

You must be logged in to perform actions!

Stickers / Tags / Rules