9 matches found
Label Studio < 1.16.0 - Cross-Site Scripting
Label Studio prior to version 1.16.0 contains a cross-site scripting caused by rendering unsanitized user-provided HTML in the /projects/upload-example endpoint, letting attackers execute arbitrary JavaScript via crafted labelconfig in a GET request, exploit requires victims to visit malicious UR...
Cross-site Scripting (XSS)
Overview label-studio is a Label Studio annotation tool Affected versions of this package are vulnerable to Cross-site Scripting XSS via the labelconfig parameter in labelstudio/projects/views.py. An attacker can execute arbitrary scripts in the context of the user's browser by sending malicious...
PYSEC-2025-124
Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attack...
PYSEC-2025-124
Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attack...
Label Studio 跨站脚本漏洞
Label Studio is an open source data labeling tool from Heartex Open Source. It allows you to label data types such as audio, text, images, video, and time series using a straightforward UI and export to a variety of model formats. A cross-site scripting vulnerability exists in Label Studio versio...
MAL-2025-2263 Malicious code in linear-file-upload-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aef3f24b1e992b4ea2859eb439304d2d1ace859ae0cfd7581f2b0714bed88fab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cross-site Scripting (XSS)
Overview label-studio is a Label Studio annotation tool Affected versions of this package are vulnerable to Cross-site Scripting XSS through the /projects/upload-example endpoint due to improper sanitization of the input passed to the labelconfig query parameter. PoC Create a malicious label conf...
GHSA-WPQ5-3366-MQW4 Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint
Description Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attack...
SLX Server 6.1 Arbitrary File Creation Exploit (PoC)
No description provided by source. !/usr/bin/perl Proof of concept exploit: Arbitrary file creation for SLX server 6.1 Written by Carl Livitt, Agenda Security Services, June 2004. This exploit abuses the ProcessQueueFile command on SLX 6.1 others? servers to create arbitrary files on the filesyst...