
6 matches found

Nuclei
added yesterday, 14 views

Label Studio < 1.16.0 - Cross-Site Scripting

Label Studio prior to version 1.16.0 contains a cross-site scripting vulnerability caused by rendering unsanitized user-provided HTML in the /projects/upload-example endpoint, letting attackers execute arbitrary JavaScript via crafted labelconfig in a GET request, exploit requires victims to visit malicious UR...

CVSS 6.1 | AI score 5.9 | EPSS 0.01778
Exploits: 2 | References: 2

Snyk
added 2025/05/15 4:21 p.m., 3 views

Cross-site Scripting (XSS)

Overview: label-studio is a Label Studio annotation tool. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the labelconfig parameter in labelstudio/projects/views.py. An attacker can execute arbitrary scripts in the context of the user's browser by sending malicious...

CVSS 9.3 | AI score 5.6 | EPSS 0.0054
Exploits: 1 | References: 2

OSV
added 2025/05/14 11:15 p.m., 9 views

PYSEC-2025-124

Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attack...

CVSS 6.1 | AI score 5.8 | EPSS 0.0054
Exploits: 1 | References: 1

CNNVD
added 2025/05/14 12:0 a.m., 4 views

Label Studio Cross-Site Scripting Vulnerability

Label Studio is an open source data labeling tool from Heartex Open Source. It allows you to label data types such as audio, text, images, video, and time series using a straightforward UI and export to a variety of model formats. A cross-site scripting vulnerability exists in Label Studio versio...

CVSS 7.6 | AI score 5.8 | EPSS 0.0054
Exploits: 1 | References: 2

Snyk
added 2025/02/14 7:42 p.m., 2 views

Cross-site Scripting (XSS)

Overview: label-studio is a Label Studio annotation tool. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the /projects/upload-example endpoint due to improper sanitization of the input passed to the labelconfig query parameter. PoC: Create a malicious label conf...

CVSS 6.1 | AI score 5.3 | EPSS 0.01778
Exploits: 2 | References: 2

OSV
added 2025/02/14 3:23 p.m., 9 views

GHSA-WPQ5-3366-MQW4 Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint

Description: Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attack...

CVSS 6.1 | AI score 6.3 | EPSS 0.01778
Exploits: 2 | References: 4