291 matches found
CVE-2024-26152 Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details Need permission to use the "data import" function. This was reproduced on Label...
CVE-2024-26152 Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details Need permission to use the "data import" function. This was reproduced on Label...
PT-2024-21303 · Unknown · Label Studio
Name of the Vulnerable Software and Affected Versions: Label Studio versions prior to 1.11.0 Description: The issue arises from improper sanitization of data imported via the file upload feature, which is then rendered within a Choices or Labels tag, resulting in an XSS vulnerability. To exploit...
CVE-2024-1110 Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Settings Import
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings...
CVE-2024-24565 CrateDB database has an arbitrary file read vulnerability
CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY...
CVE-2024-24565
Summary: CVE-2024-24565 affects CrateDB. An issue in the COPY FROM function lets authenticated users import arbitrary file content into database tables, causing information leakage. What’s affected: CrateDB (all current versions prior to the patch channels) with COPY FROM functionality that reads...
GHSA-FQ23-G58M-799R Cross-site Scripting Vulnerability on Data Import
Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.10.1 and was tested on version 1.9.2.post0. Overview Label Studio had a remote import feature allowed users to...
PYSEC-2024-128
Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...
Server side request forgery (ssrf)
Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...
CVE-2024-23633 Label Studio XSS Vulnerability on Data Import
Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...
PT-2023-9052 · Oracle · Oracle Agile Product Lifecycle Management For Process
Name of the Vulnerable Software and Affected Versions: Oracle Agile Product Lifecycle Management for Process version 6.2.4.2 Description: The issue is related to insufficient input validation in the Data Import component of the Oracle Agile Product Lifecycle Management for Process application. Th...
OpenCart SQL Injection Vulnerability (CNVD-2023-54401)
OpenCart is an open source online shopping system that allows you to build your own online store. The system is simple and easy to use and supports all kinds of data import and export , including product information , user orders , products and so on. Through OpenCart users can easily complete th...
CVE-2023-2351
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxadmin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions...
CVE-2023-2280
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxpublic' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin...
CVE-2023-0859
Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers. :Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/...
CVE-2023-0859
Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers. :Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/...
Code injection
Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers. :Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/...
CVE-2023-0859
Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers. :Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/...
多款Canon产品安全漏洞
Canon imageCLASS MF644Cdw is a smart and efficient 3-in-1 color multifunction printer from Canon Japan. A security vulnerability exists in Canon Laser Printer, Inkjet Printer, and Small Office Multifunctional Printers that originates from the ability to install arbitrary files in the Setup Data...
CVE-2023-0859
CVE-2023-0859 affects Canon imageCLASS and related Office/Small Office Multifunction printers (various Satera LBP66x/LBP62x, MF740C/MF640C, MF1127C, and i-SENSYS lines) with firmware versions 11.04 and earlier. The vulnerability arises from arbitrary files being installable via the Setting Data I...