Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
HumansignalLabel Studio

3 matches found

CVE
CVEadded 2025/02/14 8:15 p.m.75 views

CVE-2025-25296

Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted label_config query parameter. By crafting a specially formatted XML label config with i...

6.1CVSS6.8AI score0.01402EPSS
CVE
CVEadded 2024/01/24 12:15 a.m.72 views

CVE-2024-23633

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious Java...

6.1CVSS6.3AI score0.00111EPSS
CVE
CVEadded 2024/02/22 10:15 p.m.68 views

CVE-2024-26152

Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details Need permission to use the "data import" function. This was reproduced on Label St...

6.1CVSS4.8AI score0.00987EPSS