14Şub
CVE-2025-25296 | HumanSignal label-studio up to 1.15.x URL /projects/upload-example label_config cross site scripting (GHSA-wpq5-3366-mqw4)
A vulnerability, which was classified as problematic, was found in HumanSignal label-studio up to 1.15.x. This affects an unknown part of the file /projects/upload-example of the component URL Handler. The manipulation of the argument label_config leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-25296. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.