CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1 matches found

Github Security Blog•added 2025/02/14 3:23 p.m.•22 views

Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint

Description Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attack...

6.1CVSS6AI score0.20047EPSS

Exploits2References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by