What is CVE-2025-47783?

CVE-2025-47783 is a vulnerability in Humansignal Label-studio, classified under Cross-site Scripting. Published 2025-05-14.

Is CVE-2025-47783 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Humansignal Label-studio

CVE-2025-47783

Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, un…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (41.7th percentile) — read the EPSS interpretation.

Affected products

Humansignal Label-studio — versions < 1.18.0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

Medok228/Medok228

References

https://github.com/HumanSignal/label-studio/security/advisories/GHSA-8jhr-wpcm-hh4h (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2025-47783?: CVE-2025-47783 is a vulnerability in Humansignal Label-studio, classified under Cross-site Scripting. Published 2025-05-14.
Is CVE-2025-47783 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.