Vulnerability-Lookup

CVE-2025-25296 (GCVE-0-2025-25296)

Vulnerability from cvelistv5 – Published: 2025-02-14 19:24 – Updated: 2025-02-14 20:01

Title

Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint

Summary

Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's `/projects/upload-example` endpoint allows injection of arbitrary HTML through a `GET` request with an appropriately crafted `label_config` query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attacker can achieve Cross-Site Scripting (XSS). While the application has a Content Security Policy (CSP), it is only set in report-only mode, making it ineffective at preventing script execution. The vulnerability exists because the upload-example endpoint renders user-provided HTML content without proper sanitization on a GET request. This allows attackers to inject and execute arbitrary JavaScript in victims' browsers by getting them to visit a maliciously crafted URL. This is considered vulnerable because it enables attackers to execute JavaScript in victims' contexts, potentially allowing theft of sensitive data, session hijacking, or other malicious actions. Version 1.16.0 contains a patch for the issue.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/HumanSignal/label-studio/secur…	x_refsource_CONFIRM
	https://github.com/HumanSignal/label-studio/commi…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	HumanSignal	label-studio	Affected: < 1.16.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-25296",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-14T20:01:11.676011Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T20:01:37.255Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "label-studio",
          "vendor": "HumanSignal",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio\u0027s `/projects/upload-example` endpoint allows injection of arbitrary HTML through a `GET` request with an appropriately crafted `label_config` query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attacker can achieve Cross-Site Scripting (XSS). While the application has a Content Security Policy (CSP), it is only set in report-only mode, making it ineffective at preventing script execution. The vulnerability exists because the upload-example endpoint renders user-provided HTML content without proper sanitization on a GET request. This allows attackers to inject and execute arbitrary JavaScript in victims\u0027 browsers by getting them to visit a maliciously crafted URL. This is considered vulnerable because it enables attackers to execute JavaScript in victims\u0027 contexts, potentially allowing theft of sensitive data, session hijacking, or other malicious actions. Version 1.16.0 contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-14T19:24:03.961Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-wpq5-3366-mqw4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-wpq5-3366-mqw4"
        },
        {
          "name": "https://github.com/HumanSignal/label-studio/commit/8cf6958e1e27ef6a03ed287e674470975d340885",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/HumanSignal/label-studio/commit/8cf6958e1e27ef6a03ed287e674470975d340885"
        }
      ],
      "source": {
        "advisory": "GHSA-wpq5-3366-mqw4",
        "discovery": "UNKNOWN"
      },
      "title": "Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-25296",
    "datePublished": "2025-02-14T19:24:03.961Z",
    "dateReserved": "2025-02-06T17:13:33.123Z",
    "dateUpdated": "2025-02-14T20:01:37.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-25296\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-14T20:01:11.676011Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-14T20:01:14.643Z\"}}], \"cna\": {\"title\": \"Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint\", \"source\": {\"advisory\": \"GHSA-wpq5-3366-mqw4\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"HumanSignal\", \"product\": \"label-studio\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.16.0\"}]}], \"references\": [{\"url\": \"https://github.com/HumanSignal/label-studio/security/advisories/GHSA-wpq5-3366-mqw4\", \"name\": \"https://github.com/HumanSignal/label-studio/security/advisories/GHSA-wpq5-3366-mqw4\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/HumanSignal/label-studio/commit/8cf6958e1e27ef6a03ed287e674470975d340885\", \"name\": \"https://github.com/HumanSignal/label-studio/commit/8cf6958e1e27ef6a03ed287e674470975d340885\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio\u0027s `/projects/upload-example` endpoint allows injection of arbitrary HTML through a `GET` request with an appropriately crafted `label_config` query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attacker can achieve Cross-Site Scripting (XSS). While the application has a Content Security Policy (CSP), it is only set in report-only mode, making it ineffective at preventing script execution. The vulnerability exists because the upload-example endpoint renders user-provided HTML content without proper sanitization on a GET request. This allows attackers to inject and execute arbitrary JavaScript in victims\u0027 browsers by getting them to visit a maliciously crafted URL. This is considered vulnerable because it enables attackers to execute JavaScript in victims\u0027 contexts, potentially allowing theft of sensitive data, session hijacking, or other malicious actions. Version 1.16.0 contains a patch for the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-02-14T19:24:03.961Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-25296\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-14T20:01:37.255Z\", \"dateReserved\": \"2025-02-06T17:13:33.123Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-02-14T19:24:03.961Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-WPQ5-3366-MQW4

Vulnerability from github – Published: 2025-02-14 15:23 – Updated: 2025-02-14 22:18

Summary

Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint

Details

Description

Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted label_config query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attacker can achieve Cross-Site Scripting (XSS). While the application has a Content Security Policy (CSP), it is only set in report-only mode, making it ineffective at preventing script execution.

The vulnerability exists because the upload-example endpoint renders user-provided HTML content without proper sanitization on a GET request. This allows attackers to inject and execute arbitrary JavaScript in victims' browsers by getting them to visit a maliciously crafted URL.

This is considered vulnerable because it enables attackers to execute JavaScript in victims' contexts, potentially allowing theft of sensitive data, session hijacking, or other malicious actions.

Steps to reproduce

Create a malicious label config that includes an XSS payload in embedded task data:

<View><!-- {"data": {"text": "<div><img src=x
onerror=eval(atob(`YWxlcnQoIlhTUyIp`))></div>"}} --><HyperText name="text"
value="$text"/></View>

URL encode the payload and access the following URL:
http://app/projects/upload-example/?label_config=%3CView%3E%3C!--%20{%22data%22:%20{%22text%22:%20%22%3Cdiv%3E%3Cimg%20src=x%20onerror=eval(atob(YWxlcnQoIlhTUyIp))%3E%3C/div%3E%22}}%20--%3E%3CHyperText%20name=%22text%22%20value=%22$text%22/%3E%3C/View%3E

When executed, the payload causes the application to render an HTML page containing an img tag that fails to load, triggering the onerror event handler which executes base64-decoded JavaScript, demonstrating successful XSS execution in the victim's browser.

Mitigations

Enable the Content Security Policy in enforcement mode instead of report-only mode to actively block unauthorized script execution
Deprecate the GET behavior at the example-config endpoint since it's not used

Impact

The vulnerability requires no special privileges and can be exploited by getting a victim to visit a crafted URL. The impact is high as it allows arbitrary JavaScript execution in victims' browsers, potentially exposing sensitive data or enabling account takeover through session theft.

Severity ?

6.1 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "label-studio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-25296"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-14T15:23:03Z",
    "nvd_published_at": "2025-02-14T20:15:36Z",
    "severity": "MODERATE"
  },
  "details": "## Description\nLabel Studio\u0027s `/projects/upload-example` endpoint allows injection of arbitrary HTML through a `GET` request with an appropriately crafted `label_config` query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attacker can achieve Cross-Site Scripting (XSS). While the application has a Content Security Policy (CSP), it is only set in report-only mode, making it ineffective at preventing script execution.\n\nThe vulnerability exists because the upload-example endpoint renders user-provided HTML content without proper sanitization on a GET request. This allows attackers to inject and execute arbitrary JavaScript in victims\u0027 browsers by getting them to visit a maliciously crafted URL.\n\nThis is considered vulnerable because it enables attackers to execute JavaScript in victims\u0027 contexts, potentially allowing theft of sensitive data, session hijacking, or other malicious actions.\n\n## Steps to reproduce\n1. Create a malicious label config that includes an XSS payload in embedded task data:\n\n```xml\n\u003cView\u003e\u003c!-- {\"data\": {\"text\": \"\u003cdiv\u003e\u003cimg src=x\nonerror=eval(atob(`YWxlcnQoIlhTUyIp`))\u003e\u003c/div\u003e\"}} --\u003e\u003cHyperText name=\"text\"\nvalue=\"$text\"/\u003e\u003c/View\u003e\n```\n\n\n2. URL encode the payload and access the following URL:\n\n- http://app/projects/upload-example/?label_config=%3CView%3E%3C!--%20{%22data%22:%20{%22text%22:%20%22%3Cdiv%3E%3Cimg%20src=x%20onerror=eval(atob(`YWxlcnQoIlhTUyIp`))%3E%3C/div%3E%22}}%20--%3E%3CHyperText%20name=%22text%22%20value=%22$text%22/%3E%3C/View%3E\n\nWhen executed, the payload causes the application to render an HTML page containing an img tag that fails to load, triggering the onerror event handler which executes base64-decoded JavaScript, demonstrating successful XSS execution in the victim\u0027s browser.\n   \n## Mitigations\n- Enable the Content Security Policy in enforcement mode instead of report-only mode to actively block unauthorized script execution\n- Deprecate the `GET` behavior at the `example-config` endpoint since it\u0027s not used \n\n## Impact\nThe vulnerability requires no special privileges and can be exploited by getting a victim to visit a crafted URL. The impact is high as it allows arbitrary JavaScript execution in victims\u0027 browsers, potentially exposing sensitive data or enabling account takeover through session theft.",
  "id": "GHSA-wpq5-3366-mqw4",
  "modified": "2025-02-14T22:18:12Z",
  "published": "2025-02-14T15:23:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-wpq5-3366-mqw4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25296"
    },
    {
      "type": "WEB",
      "url": "https://github.com/HumanSignal/label-studio/commit/8cf6958e1e27ef6a03ed287e674470975d340885"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/HumanSignal/label-studio"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint"
}

FKIE_CVE-2025-25296

Vulnerability from fkie_nvd - Published: 2025-02-14 20:15 - Updated: 2025-08-25 01:15

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/HumanSignal/label-studio/commit/8cf6958e1e27ef6a03ed287e674470975d340885	Patch
	security-advisories@github.com	https://github.com/HumanSignal/label-studio/security/advisories/GHSA-wpq5-3366-mqw4	Exploit, Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	humansignal	label_studio	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:humansignal:label_studio:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D02BBAF9-C940-49A2-B686-664216C750DD",
              "versionEndExcluding": "1.16.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio\u0027s `/projects/upload-example` endpoint allows injection of arbitrary HTML through a `GET` request with an appropriately crafted `label_config` query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attacker can achieve Cross-Site Scripting (XSS). While the application has a Content Security Policy (CSP), it is only set in report-only mode, making it ineffective at preventing script execution. The vulnerability exists because the upload-example endpoint renders user-provided HTML content without proper sanitization on a GET request. This allows attackers to inject and execute arbitrary JavaScript in victims\u0027 browsers by getting them to visit a maliciously crafted URL. This is considered vulnerable because it enables attackers to execute JavaScript in victims\u0027 contexts, potentially allowing theft of sensitive data, session hijacking, or other malicious actions. Version 1.16.0 contains a patch for the issue."
    },
    {
      "lang": "es",
      "value": "Label Studio es una herramienta de etiquetado de datos de c\u00f3digo abierto. Antes de la versi\u00f3n 1.16.0, el punto de conexi\u00f3n `/projects/upload-example` de Label Studio permite la inyecci\u00f3n de HTML arbitrario a trav\u00e9s de una solicitud `GET` con un par\u00e1metro de consulta `label_config` manipulado de forma adecuada. Al manipular una configuraci\u00f3n de etiqueta XML con un formato especial con datos de tareas en l\u00ednea que contienen HTML/JavaScript malicioso, un atacante puede lograr Cross-Site Scripting (XSS). Si bien la aplicaci\u00f3n tiene una Pol\u00edtica de seguridad de contenido (CSP), solo est\u00e1 configurada en modo de solo informes, lo que la hace ineficaz para evitar la ejecuci\u00f3n de scripts. La vulnerabilidad existe porque el punto de conexi\u00f3n upload-example muestra contenido HTML proporcionado por el usuario sin la depuraci\u00f3n adecuada en una solicitud GET. Esto permite a los atacantes inyectar y ejecutar JavaScript arbitrario en los navegadores de las v\u00edctimas al hacer que visiten una URL manipulada de forma maliciosa. Esto se considera vulnerable porque permite a los atacantes ejecutar JavaScript en los contextos de las v\u00edctimas, lo que potencialmente permite el robo de datos confidenciales, el secuestro de sesiones u otras acciones maliciosas. La versi\u00f3n 1.16.0 contiene un parche para el problema."
    }
  ],
  "id": "CVE-2025-25296",
  "lastModified": "2025-08-25T01:15:44.783",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-14T20:15:36.103",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/HumanSignal/label-studio/commit/8cf6958e1e27ef6a03ed287e674470975d340885"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-wpq5-3366-mqw4"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-25296 (GCVE-0-2025-25296)

GHSA-WPQ5-3366-MQW4

Description

Steps to reproduce

Mitigations

Impact

FKIE_CVE-2025-25296

Tags

Sightings

Nomenclature