CVE-2025-47783 – Label Studio Cross-Site Scripting (XSS)

May 15, 2025

CVE ID : CVE-2025-47783

Published : May 14, 2025, 11:15 p.m. | 3 hours, 51 minutes ago

Description : Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attacks. The vulnerability is reproducible when sending a properly formatted request to the `POST /projects/upload-example/` endpoint. In the source code, the vulnerability is located at `label_studio/projects/views.py`. Version 1.18.0 contains a patch for the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4579 – WordPress Content Security Plugin Stored Cross-Site Scripting

Next Article CVE-2025-46836 – Net-tools Unvalidated Stack Buffer Overflow

Highlights

CVE-2025-4322 – WordPress Motors Theme Privilege Escalation Vulnerability

May 20, 2025

CVE ID : CVE-2025-4322

Published : May 20, 2025, 6:15 a.m. | 1 hour, 46 minutes ago

Description : The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user’s identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

From Line To Layout: How Past Experiences Shape Your Design Career

Hire React.js Developers in the US: How to Choose the Right Team for Your Needs

I’ve tested every Samsung Galaxy phone in 2025 – here’s the model I’d recommend on sale

Google Photos just put all its best editing tools a tap away – here’s the shortcut

Claude can teach you how to code now, and more – how to try it

One of the best work laptops I’ve tested has MacBook written all over it (but it’s even better)

Controlling Execution Flow with Laravel’s Sleep Helper

Controlling Execution Flow with Laravel’s Sleep Helper

Generate Secure Temporary Share Links for Files in Laravel

This Week in Laravel: Filament 4, Laravel Boost, and Junie Review

KDE Plasma 6 on Wayland: the Payoff for Years of Plumbing

KDE Plasma 6 on Wayland: the Payoff for Years of Plumbing

FOSS Weekly #25.33: Debian 13 Released, Torvalds vs RISC-V, Arch’s New Tool, GNOME Perfection and More Linux Stuff

Ultimate ChatGPT-5 Prompt Guide: 52 Ideas for Any Task

CVE-2025-47783 – Label Studio Cross-Site Scripting (XSS)

CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog

From Banking Darling to $1B Fraud Magnet: Inside the Zelle Lawsuit 2025

New Adobe Security Update Fixes Critical Exploits — Don’t Delay Your Update

Ubuntu 25.10 Drops Support for GNOME on Xorg

Windows Administrators Blog Named One of FeedSpot’s Top 25 Microsoft Windows Blogs

CVE-2025-8523 – RiderLike Fruit Crush-Brain App Android Component Export Vulnerability

CVE-2025-4322 – WordPress Motors Theme Privilege Escalation Vulnerability

Top 10 new Windows 11 features and changes unveiled via the Insider Program in June 2025 — and where to find them

The AI model race has suddenly gotten a lot closer, say Stanford scholars

New to the web platform in April

CVE-2025-47783 – Label Studio Cross-Site Scripting (XSS)

Related Posts