2 matches found
Cross-site Scripting (XSS)
Overview label-studio is a Label Studio annotation tool Affected versions of this package are vulnerable to Cross-site Scripting XSS via the labelconfig parameter in labelstudio/projects/views.py. An attacker can execute arbitrary scripts in the context of the user's browser by sending malicious...
Cross-site Scripting (XSS)
Overview label-studio is a Label Studio annotation tool Affected versions of this package are vulnerable to Cross-site Scripting XSS through the /projects/upload-example endpoint due to improper sanitization of the input passed to the labelconfig query parameter. PoC Create a malicious label conf...