Critical Vulnerability Information

Vulnerability Type
Cross-Site Scripting (Reflected) via the parameter.

Affected Versions
Affected Versions: =1.18.0

Severity
CVSS v4 Base Score: 7.6/10
CVE ID: CVE-2025-47783

Vulnerability Description
Summary: Attackers can inject malicious scripts into the web context, leading to data theft, unauthorized operations, and other risks.
Details: The vulnerability can be reproduced by sending a properly formatted request to the endpoint. The flaw is located at line 57 in the file .

PoC (Proof of Concept)
HTTP Request:
HTML Page:

Impact
Malicious Code Execution: Users may be forced to execute unwanted actions within their Label Studio account, including accessing . Note that the Label Studio session cookie is marked as HttpOnly, which mitigates the risk of session hijacking.