Vulnerability Information
Vulnerability Title
FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS
Vulnerability Description
FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute parameter on the login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allow attackers to execute malicious JavaScript or redirect users to attacker-controlled sites. This issue has been patched in version 4.9.12.
CVSS Information
N/A
Vulnerability Type
URL Redirection to Untrusted Site (Open Redirect)
Vulnerability Title
FastGPT Input Validation Error Vulnerability
Vulnerability Description
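FastGPT is an open-source knowledge-base question-answering system based on large language models, open-sourced by labring. Versions of FastGPT prior to 4.9.12 contain an input validation error vulnerability, which stems from insufficient validation of the LastRoute parameter and may lead to open redirect and DOM-based cross-site scripting attacks.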
CVSS Information
N/A
Vulnerability Type
N/A