Label Studio
Monthly
Stored XSS in Label Studio's custom_hotkeys feature allows authenticated attackers to inject malicious JavaScript that executes in other users' browsers, potentially enabling API token theft and account takeover due to insufficient CSRF protections. Public exploit code exists for this vulnerability affecting Label Studio 1.22.0 and earlier. An attacker could abuse this to gain unauthorized API access or perform actions on behalf of compromised users.
Label Studio is a multi-type data labeling and annotation tool. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Label Studio is an open source data labeling tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Label Studio is an open source data labeling tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.0%.
Stored XSS in Label Studio's custom_hotkeys feature allows authenticated attackers to inject malicious JavaScript that executes in other users' browsers, potentially enabling API token theft and account takeover due to insufficient CSRF protections. Public exploit code exists for this vulnerability affecting Label Studio 1.22.0 and earlier. An attacker could abuse this to gain unauthorized API access or perform actions on behalf of compromised users.
Label Studio is a multi-type data labeling and annotation tool. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Label Studio is an open source data labeling tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Label Studio is an open source data labeling tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.0%.