Lucene search
+L

179 matches found

vulnersOsv
vulnersOsv
added 2025/05/15 4:21 p.m.5 views

rm-gallery (>=0.1.0 <=0.1.2) potentially affected by CVE-2025-47783 via label-studio (=1.17.0)

label-studio PYPI version =1.17.0 is affected by a known vulnerability. The following packages have a transitive dependency on label-studio and may be impacted: - rm-gallery =0.1.0, =0.1.2 Source cves: CVE-2025-47783 Source advisory: SNYK:PYTHON-LABELSTUDIO-10182217...

7.6CVSS5.8AI score0.0054EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/05/15 4:21 p.m.6 views

rm-gallery (>=0.1.0 <=0.1.2) potentially affected by CVE-2025-47783 via label-studio (=1.17.0)

label-studio PYPI version =1.17.0 is affected by a known vulnerability. The following packages have a transitive dependency on label-studio and may be impacted: - rm-gallery =0.1.0, =0.1.2 Source cves: CVE-2025-47783 Source advisory: OSV:GHSA-8JHR-WPCM-HH4H...

7.6CVSS5.8AI score0.0054EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/05/14 11:15 p.m.6 views

rm-gallery (>=0.1.0 <=0.1.2) potentially affected by CVE-2025-47783 via label-studio (=1.17.0)

label-studio PYPI version =1.17.0 is affected by a known vulnerability. The following packages have a transitive dependency on label-studio and may be impacted: - rm-gallery =0.1.0, =0.1.2 Source cves: CVE-2025-47783 Source advisory: OSV:PYSEC-2025-124...

7.6CVSS5.8AI score0.0054EPSS
Exploits1
NVD
NVD
added 2025/05/14 11:15 p.m.17 views

CVE-2025-47783

Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attack...

7.6CVSS0.0054EPSS
Exploits1References1
OSV
OSV
added 2025/05/14 11:15 p.m.9 views

PYSEC-2025-124

Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attack...

6.1CVSS5.8AI score0.0054EPSS
Exploits1References1
PyPA
PyPA
added 2025/05/14 11:15 p.m.10 views

PYSEC-2025-124

Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attack...

7.6CVSS5.8AI score0.0054EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/14 11:1 p.m.11 views

CVE-2025-47783 label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter.

Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attack...

7.6CVSS6.4AI score0.0054EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/14 11:1 p.m.39 views

CVE-2025-47783 label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter.

Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attack...

7.6CVSS0.0054EPSS
Exploits1References1
CVE
CVE
added 2025/05/14 11:1 p.m.57 views

CVE-2025-47783

Label Studio

7.6CVSS7AI score0.0054EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/05/14 11:1 p.m.4 views

CVE-2025-47783 label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter.

Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attack...

7.6CVSS6.4AI score0.0054EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.6 views

Label Studio 跨站脚本漏洞

Label Studio is an open source data labeling tool from Heartex Open Source. It allows you to label data types such as audio, text, images, video, and time series using a straightforward UI and export to a variety of model formats. A cross-site scripting vulnerability exists in Label Studio versio...

7.6CVSS5.8AI score0.0054EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.4 views

PT-2025-21251 · Unknown · Label Studio

Name of the Vulnerable Software and Affected Versions: Label Studio versions prior to 1.18.0 Description: A vulnerability in Label Studio allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf...

7.6CVSS6.2AI score0.0054EPSS
Exploits1References13
GithubExploit
GithubExploit
added 2025/03/01 2:8 a.m.694 views

Exploit for Cross-site Scripting in Humansignal Label_Studio

CVE-2025-25296 Proof of Concept POC Description This pr...

6.1CVSS6AI score0.0185EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/02/16 8:20 p.m.8 views

CVE-2025-25297

Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's S3 storage integration feature contains a Server-Side Request Forgery SSRF vulnerability in its endpoint configuration. When creating an S3 storage connection, the application allows users to specify a cust...

8.6CVSS6.8AI score0.00644EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/16 7:25 p.m.8 views

CVE-2025-25296

Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with...

6.1CVSS6.7AI score0.0185EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/16 5:20 p.m.13 views

CVE-2025-25295

Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a...

8.7CVSS6.2AI score0.00739EPSS
Exploits0References1
NVD
NVD
added 2025/02/14 8:15 p.m.57 views

CVE-2025-25296

Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with...

6.1CVSS0.0185EPSS
Exploits2References2
NVD
NVD
added 2025/02/14 8:15 p.m.23 views

CVE-2025-25297

Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's S3 storage integration feature contains a Server-Side Request Forgery SSRF vulnerability in its endpoint configuration. When creating an S3 storage connection, the application allows users to specify a cust...

8.6CVSS0.00644EPSS
Exploits1References2
Snyk
Snyk
added 2025/02/14 7:42 p.m.5 views

Cross-site Scripting (XSS)

Overview label-studio is a Label Studio annotation tool Affected versions of this package are vulnerable to Cross-site Scripting XSS through the /projects/upload-example endpoint due to improper sanitization of the input passed to the labelconfig query parameter. PoC Create a malicious label conf...

6.1CVSS5.3AI score0.0185EPSS
Exploits2References2
CVE
CVE
added 2025/02/14 7:25 p.m.121 views

CVE-2025-25297

Label Studio (Open Source) contains a CVE-2025-25297 SSRF in the S3 storage endpoint configuration prior to version 1.16.0. The s3_endpoint parameter is passed directly to the boto3 AWS SDK without validation, allowing an authenticated user to trigger HTTP requests to arbitrary internal services ...

8.6CVSS7AI score0.00644EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder