2 matches found
CVE-2024-26152
Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details Need permission to use the "data import" function. This was reproduced on Label...
CVE-2024-26152
CVE-2024-26152 affects Label Studio versions before 1.11.0. Data imported via the file-upload feature is not properly sanitized before rendering in Choices or Labels, enabling an XSS vulnerability through injected HTML/JS in the imported data (e.g., image tags with onload handlers). Reproduced on...