Lucene search
K

6 matches found

GithubExploit
GithubExploit
added 2025/03/01 2:8 a.m.693 views

Exploit for Cross-site Scripting in Humansignal Label_Studio

CVE-2025-25296 Proof of Concept POC Description This pr...

6.1CVSS6AI score0.0185EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/02/16 7:25 p.m.8 views

CVE-2025-25296

Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with...

6.1CVSS6.7AI score0.0185EPSS
Exploits2References1
NVD
NVD
added 2025/02/14 8:15 p.m.57 views

CVE-2025-25296

Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with...

6.1CVSS0.0185EPSS
Exploits2References2
CVE
CVE
added 2025/02/14 7:24 p.m.95 views

CVE-2025-25296

CVE-2025-25296 affects Label Studio versions prior to 1.16.0. The vulnerability is in the GET-based /projects/upload-example endpoint, where a crafted label_config permits injecting and rendering HTML without proper sanitization, enabling Cross-Site Scripting (XSS) . The CSP is in report-only mod...

6.1CVSS6.8AI score0.0185EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/14 7:24 p.m.17 views

CVE-2025-25296 Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint

Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with...

6.1CVSS6.5AI score0.0185EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/02/14 7:24 p.m.60 views

CVE-2025-25296 Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint

Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with...

6.1CVSS0.0185EPSS
Exploits2References2
Rows per page
Query Builder