Lucene search

Veracode Vulnerability DatabaseVERACODE:45146

HistoryJan 24, 2024 - 7:04 a.m.

Cross Site Scripting (XSS)

2024-01-2407:04:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross site scripting

vulnerability

image sanitization

user upload

authenticated user

crafted image

avatar

html file

attacker

arbitrary javascript

malicious actions

security

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

6.8 Medium

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.8%

JSON

label_studio is vulnerable to Cross Site Scripting (XSS). The vulnerability due to improper image sanitization during upload, which allows an authenticated user to upload a crafted image file for their avatar which gets rendered as an HTML file. This allows an attacker to execute arbitrary JavaScript and performs malicious actions within Label Studio.

CPENameOperatorVersion
label-studiole1.9.1
label-studiole1.9.1

CPE	Name	Operator	Version
	label-studio	le	1.9.1
	label-studio	le	1.9.1

References

docs.djangoproject.com/en/4.2/ref/views/#serving-files-in-development

github.com/HumanSignal/label-studio/blob/1.8.2/label_studio/users/functions.py#L18-L49

github.com/HumanSignal/label-studio/blob/1.8.2/label_studio/users/urls.py#L25-L26

github.com/HumanSignal/label-studio/commit/a7a71e594f32ec4af8f3f800d5ccb8662e275da3

github.com/HumanSignal/label-studio/security/advisories/GHSA-q68h-xwq5-mm7x