
9 matches found

Nuclei
added 12 hours ago | 14 views

Label Studio < 1.16.0 - Cross-Site Scripting

Label Studio prior to version 1.16.0 contains a cross-site scripting vulnerability caused by rendering unsanitized user-provided HTML in the /projects/upload-example endpoint, letting attackers execute arbitrary JavaScript via a crafted labelconfig in a GET request. The exploit requires victims to visit malicious UR...

CVSS 6.1 | AI score 6 | EPSS 0.01778
Exploits 2 | References 2

Snyk
added 2025/05/15 4:21 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: label-studio is a Label Studio annotation tool. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the labelconfig parameter in labelstudio/projects/views.py. An attacker can execute arbitrary scripts in the context of the user's browser by sending malicious...

CVSS 9.3 | AI score 5.6 | EPSS 0.0054
Exploits 1 | References 2

OSV
added 2025/05/14 11:15 p.m. | 9 views

PYSEC-2025-124

Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attack...

CVSS 6.1 | AI score 5.8 | EPSS 0.0054
Exploits 1 | References 1

PyPA
added 2025/05/14 11:15 p.m. | 9 views

PYSEC-2025-124

Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attack...

CVSS 7.6 | AI score 5.8 | EPSS 0.0054
Exploits 1 | References 1 | Affected Software 1

CNNVD
added 2025/05/14 12:0 a.m. | 5 views

Label Studio Cross-Site Scripting Vulnerability

Label Studio is an open source data labeling tool from Heartex Open Source. It allows you to label data types such as audio, text, images, video, and time series using a straightforward UI and export to a variety of model formats. A cross-site scripting vulnerability exists in Label Studio versio...

CVSS 7.6 | AI score 5.8 | EPSS 0.0054
Exploits 1 | References 2

OSV
added 2025/03/11 9:47 p.m. | 2 views

MAL-2025-2263 Malicious code in linear-file-upload-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aef3f24b1e992b4ea2859eb439304d2d1ace859ae0cfd7581f2b0714bed88fab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 | References 1

Snyk
added 2025/02/14 7:42 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: label-studio is a Label Studio annotation tool. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the /projects/upload-example endpoint due to improper sanitization of the input passed to the labelconfig query parameter. PoC: Create a malicious label conf...

CVSS 6.1 | AI score 5.3 | EPSS 0.01778
Exploits 2 | References 2

OSV
added 2025/02/14 3:23 p.m. | 9 views

GHSA-WPQ5-3366-MQW4 Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint

Description: Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attack...

CVSS 6.1 | AI score 6.3 | EPSS 0.01778
Exploits 2 | References 4

seebug.org
added 2004/10/18 12:0 a.m. | 16 views

SLX Server 6.1 Arbitrary File Creation Exploit (PoC)

No description provided by source. !/usr/bin/perl Proof of concept exploit: Arbitrary file creation for SLX server 6.1 Written by Carl Livitt, Agenda Security Services, June 2004. This exploit abuses the ProcessQueueFile command on SLX 6.1 others? servers to create arbitrary files on the filesyst...

AI score 7.1
Exploits 0