2 matches found
Cross site scripting
Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...
CVE-2022-40489
ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery CSRF vulnerability that allows a Super Administrator user to be injected into administrative users...