{
  "schema_version": "1.4.0",
  "id": "GHSA-wpq5-3366-mqw4",
  "modified": "2025-02-14T22:18:12Z",
  "published": "2025-02-14T15:23:03Z",
  "aliases": [
    "CVE-2025-25296"
  ],
  "summary": "Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint",
  "details": "## Description\nLabel Studio's `/projects/upload-example` endpoint allows injection of arbitrary HTML through a `GET` request with an appropriately crafted `label_config` query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attacker can achieve Cross-Site Scripting (XSS). While the application has a Content Security Policy (CSP), it is only set in report-only mode, making it ineffective at preventing script execution.\n\nThe vulnerability exists because the upload-example endpoint renders user-provided HTML content without proper sanitization on a GET request. This allows attackers to inject and execute arbitrary JavaScript in victims' browsers by getting them to visit a maliciously crafted URL.\n\nThis is considered vulnerable because it enables attackers to execute JavaScript in victims' contexts, potentially allowing theft of sensitive data, session hijacking, or other malicious actions.\n\n## Steps to reproduce\n1. Create a malicious label config that includes an XSS payload in embedded task data:\n\n```xml\n<View><!-- {\"data\": {\"text\": \"<div><img src=x\nonerror=eval(atob(`YWxlcnQoIlhTUyIp`))></div>\"}} --><HyperText name=\"text\"\nvalue=\"$text\"/></View>\n```\n\n\n2. URL encode the payload and access the following URL:\n\n- http://app/projects/upload-example/?label_config=%3CView%3E%3C!--%20{%22data%22:%20{%22text%22:%20%22%3Cdiv%3E%3Cimg%20src=x%20onerror=eval(atob(`YWxlcnQoIlhTUyIp`))%3E%3C/div%3E%22}}%20--%3E%3CHyperText%20name=%22text%22%20value=%22$text%22/%3E%3C/View%3E\n\nWhen executed, the payload causes the application to render an HTML page containing an img tag that fails to load, triggering the onerror event handler which executes base64-decoded JavaScript, demonstrating successful XSS execution in the victim's browser.\n   \n## Mitigations\n- Enable the Content Security Policy in enforcement mode instead of report-only mode to actively block unauthorized script execution\n- Deprecate the `GET` behavior at the `example-config` endpoint since it's not used \n\n## Impact\nThe vulnerability requires no special privileges and can be exploited by getting a victim to visit a crafted URL. The impact is high as it allows arbitrary JavaScript execution in victims' browsers, potentially exposing sensitive data or enabling account takeover through session theft.",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "label-studio"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16.0"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-wpq5-3366-mqw4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25296"
    },
    {
      "type": "WEB",
      "url": "https://github.com/HumanSignal/label-studio/commit/8cf6958e1e27ef6a03ed287e674470975d340885"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/HumanSignal/label-studio"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-14T15:23:03Z",
    "nvd_published_at": "2025-02-14T20:15:36Z"
  }
}