Lucene search
K

291 matches found

Cvelist
Cvelist
added 2024/02/22 9:52 p.m.23 views

CVE-2024-26152 Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config

Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details Need permission to use the "data import" function. This was reproduced on Label...

4.7CVSS5AI score0.02199EPSS
Exploits1References4
OSV
OSV
added 2024/02/22 9:52 p.m.27 views

CVE-2024-26152 Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config

Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details Need permission to use the "data import" function. This was reproduced on Label...

4.7CVSS4.7AI score0.02199EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.7 views

PT-2024-21303 · Unknown · Label Studio

Name of the Vulnerable Software and Affected Versions: Label Studio versions prior to 1.11.0 Description: The issue arises from improper sanitization of data imported via the file upload feature, which is then rendered within a Choices or Labels tag, resulting in an XSS vulnerability. To exploit...

6.1CVSS4.4AI score0.02199EPSS
Exploits1References11
Cvelist
Cvelist
added 2024/02/07 11:2 a.m.34 views

CVE-2024-1110 Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Settings Import

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings...

5.3CVSS5.3AI score0.00524EPSS
Exploits0References3
OSV
OSV
added 2024/01/30 4:46 p.m.35 views

CVE-2024-24565 CrateDB database has an arbitrary file read vulnerability

CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY...

5.7CVSS6.5AI score0.03084EPSS
Exploits1References4
CVE
CVE
added 2024/01/30 4:46 p.m.63 views

CVE-2024-24565

Summary: CVE-2024-24565 affects CrateDB. An issue in the COPY FROM function lets authenticated users import arbitrary file content into database tables, causing information leakage. What’s affected: CrateDB (all current versions prior to the patch channels) with COPY FROM functionality that reads...

6.5CVSS6.4AI score0.03084EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/01/24 2:21 p.m.33 views

GHSA-FQ23-G58M-799R Cross-site Scripting Vulnerability on Data Import

Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.10.1 and was tested on version 1.9.2.post0. Overview Label Studio had a remote import feature allowed users to...

4.7CVSS5.5AI score0.00592EPSS
Exploits0References7
PyPA
PyPA
added 2024/01/24 12:15 a.m.8 views

PYSEC-2024-128

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

6.1CVSS7.2AI score0.00592EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2024/01/24 12:15 a.m.17 views

Server side request forgery (ssrf)

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

5.8CVSS7.2AI score0.00592EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/23 11:15 p.m.28 views

CVE-2024-23633 Label Studio XSS Vulnerability on Data Import

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

4.7CVSS6.9AI score0.00592EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/12/07 12:0 a.m.11 views

PT-2023-9052 · Oracle · Oracle Agile Product Lifecycle Management For Process

Name of the Vulnerable Software and Affected Versions: Oracle Agile Product Lifecycle Management for Process version 6.2.4.2 Description: The issue is related to insufficient input validation in the Data Import component of the Oracle Agile Product Lifecycle Management for Process application. Th...

6.8CVSS7.5AI score0.00446EPSS
Exploits0References7
CNVD
CNVD
added 2023/06/28 12:0 a.m.47 views

OpenCart SQL Injection Vulnerability (CNVD-2023-54401)

OpenCart is an open source online shopping system that allows you to build your own online store. The system is simple and easy to use and supports all kinds of data import and export , including product information , user orders , products and so on. Through OpenCart users can easily complete th...

7.2CVSS8.7AI score0.01127EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/06/13 2:15 a.m.1 views

CVE-2023-2351

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxadmin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions...

6.5CVSS6.8AI score0.0064EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:16 a.m.1 views

CVE-2023-2280

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxpublic' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin...

6.5CVSS6AI score0.00601EPSS
Exploits0References4
NVD
NVD
added 2023/05/11 1:15 p.m.26 views

CVE-2023-0859

Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers. :Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/...

5.3CVSS4.3AI score0.00544EPSS
Exploits0References4
OSV
OSV
added 2023/05/11 1:15 p.m.8 views

CVE-2023-0859

Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers. :Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/...

5.3CVSS5.8AI score0.00544EPSS
Exploits0References4
Prion
Prion
added 2023/05/11 1:15 p.m.28 views

Code injection

Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers. :Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/...

5CVSS5.3AI score0.00544EPSS
Exploits0References4Affected Software45
Cvelist
Cvelist
added 2023/05/11 12:0 a.m.24 views

CVE-2023-0859

Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers. :Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/...

2.2CVSS5.6AI score0.00544EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.8 views

多款Canon产品安全漏洞

Canon imageCLASS MF644Cdw is a smart and efficient 3-in-1 color multifunction printer from Canon Japan. A security vulnerability exists in Canon Laser Printer, Inkjet Printer, and Small Office Multifunctional Printers that originates from the ability to install arbitrary files in the Setup Data...

5.3CVSS5.9AI score0.00544EPSS
Exploits0References5
CVE
CVE
added 2023/05/11 12:0 a.m.62 views

CVE-2023-0859

CVE-2023-0859 affects Canon imageCLASS and related Office/Small Office Multifunction printers (various Satera LBP66x/LBP62x, MF740C/MF640C, MF1127C, and i-SENSYS lines) with firmware versions 11.04 and earlier. The vulnerability arises from arbitrary files being installable via the Setting Data I...

5.3CVSS5.3AI score0.00544EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder