Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS
Vulnerability Description
FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to attacker-controlled sites. This issue has been patched in version 4.9.12.
CVSS Information
N/A
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
FastGPT 输入验证错误漏洞
Vulnerability Description
FastGPT是labring开源的一款基于大语言模型的开源知识库问答系统。 FastGPT 4.9.12之前版本存在输入验证错误漏洞,该漏洞源于LastRoute参数验证不足,可能导致开放重定向和DOM型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A