Skip to main content

Computer Vision Annotation Tool CVE-2024-47063

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2024-09-30 security-advisories@github.com
6.2
CVSS 4.0 · Vendor: github
Share

Severity by source

Vendor (github) PRIMARY
6.2 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (github) · only source for this CVE.

CVSS VectorVendor: github

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
A
Scope
X

Lifecycle Timeline

1
CVE Published
Sep 30, 2024 - 15:15 cve.org
MEDIUM 6.2

DescriptionCVE.org

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing task can trick another logged-in user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue.

AnalysisAI

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing task can trick another logged-in user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue. Affected products include: Cvat Computer Vision Annotation Tool.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2022-31188 CRITICAL POC
9.8 Aug 01

CVAT is an opensource interactive video and image annotation tool for computer vision. Rated critical severity (CVSS 9.8

CVE-2026-23526 HIGH
8.8 Jan 21

CVAT is an open source interactive video and image annotation tool for computer vision. [CVSS 8.8 HIGH]

CVE-2024-37164 HIGH
8.5 Jun 13

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high

CVE-2024-37306 HIGH
7.1 Jun 13

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high

CVE-2025-49135 MEDIUM
6.5 Jun 25

CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 ha

CVE-2024-45393 MEDIUM
6.4 Sep 10

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi

CVE-2024-47064 MEDIUM
6.3 Sep 30

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi

CVE-2026-23516 MEDIUM
5.4 Jan 21

CVAT is an open source interactive video and image annotation tool for computer vision. [CVSS 5.4 MEDIUM]

CVE-2024-47172 MEDIUM
5.4 Sep 30

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi

CVE-2025-48381 MEDIUM
5.3 May 30

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi

CVE-2025-23045 HIGH
8.7 Jan 28

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high

Share

CVE-2024-47063 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy