CVE-2024-23633 | HumanSignal label-studio up to 1.10.0 Avatar Image data_import/uploader.py cross site scripting (GHSA-fq23-g58m-799r)

Posted by Angelo Barbosa | Jan 24, 2024 | CVE

A vulnerability has been found in HumanSignal label-studio up to 1.10.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file data_import/uploader.py of the component Avatar Image Handler. The manipulation leads to cross site scripting.

This vulnerability is known as CVE-2024-23633. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-23633 | HumanSignal label-studio up to 1.10.0 Avatar Image data_import/uploader.py cross site scripting (GHSA-fq23-g58m-799r)

Related Posts

CVE-2024-4604 | Magarsus Consultancy SSO 1.0 redirect

CVE-2022-24807 | Net-SNMP up to 5.9.1 OID vacmAccessTable unknown vulnerability

CVE-2023-52043 | D-Link COVR 1100 AC1200/COVR 1102 AC1200/COVR 1103 AC1200 Wireless Access Point Password improper authentication

CVE-2023-7150 | Chic Beauty Salon 20230703 Product product-list.php unrestricted upload