Label Studio 漏洞列表
共找到 5 个与 Label Studio 相关的漏洞
📅 加载漏洞趋势中...
-
CVE-2023-47115: Label Studio - Cross-Site Scripting POC
Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. -
CVE-2023-47117: Label Studio - Sensitive Information Exposure POC
An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper (ORM). Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by character. -
CVE-2023-47115: Label Studio - Cross-Site Scripting POC
Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. -
CVE-2023-47117: Label Studio - Sensitive Information Exposure POC
An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper (ORM). Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by character. -
label-studio-signup: Label Studio - Sign-up Detect POC
Detects the presence of the Label Studio sign-up.