FastGPT Open Redirect and DOM-Based Cross-Site Scripting Vulnerability
Vulnerability
A vulnerability in FastGPT, an AI agent-building platform, prior to version 4.9.12, allows open redirects and DOM-based cross-site scripting (XSS) via the LastRoute parameter on the login page. The issue stems from inadequate validation and sanitization of that parameter, which enables attackers to execute malicious JavaScript in the victim's browser or redirect users to attacker-controlled sites.
Impact
Exploitation of this vulnerability could lead to unauthorized redirection of users or execution of malicious scripts in the context of the user's browser.
Remediation
Users can upgrade to FastGPT version 4.9.12 or later to address this vulnerability.
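The validation gap described under Vulnerability above is the classic post-login "return to" problem: a route taken from the query string is handed to navigation without checking that it is a same-origin path. The following is an added example of how an application can validate such a parameter before using it; it is not FastGPT's own code, and the function name, the default route and the `https://app.example` origin are assumptions.

```javascript
// Added example (not FastGPT's code): accept a post-login return route only if
// it is a single-slash, same-origin relative path. Anything else (absolute
// URLs, protocol-relative "//host", "/\host", javascript:/data: URLs, control
// characters) falls back to a fixed default route. Names below are assumed.

const DEFAULT_ROUTE = '/';

function safeReturnPath(raw, appOrigin = 'https://app.example') {
  if (typeof raw !== 'string' || raw.length === 0 || raw.length > 2048) {
    return DEFAULT_ROUTE;
  }
  // Browsers tolerate control characters and whitespace inside scheme names,
  // so a value containing any of them is rejected outright rather than cleaned.
  if (/[\u0000-\u001f\u007f\s]/.test(raw)) {
    return DEFAULT_ROUTE;
  }
  // Must start with exactly one "/" that is not followed by "/" or "\":
  // "//evil" and "/\evil" are both treated as protocol-relative by browsers.
  if (!/^\/(?![\/\\])/.test(raw)) {
    return DEFAULT_ROUTE;
  }
  let resolved;
  try {
    // Resolve against the application's own origin; the URL parser also
    // normalises dot segments and backslashes for us.
    resolved = new URL(raw, appOrigin);
  } catch {
    return DEFAULT_ROUTE;
  }
  // The origin and scheme must survive resolution unchanged.
  if (resolved.origin !== new URL(appOrigin).origin) return DEFAULT_ROUTE;
  if (resolved.protocol !== 'http:' && resolved.protocol !== 'https:') {
    return DEFAULT_ROUTE;
  }
  // Re-check the normalised path: "/..//evil" resolves to pathname "//evil",
  // which would become protocol-relative again if handed back to a router.
  if (!/^\/(?!\/)/.test(resolved.pathname)) return DEFAULT_ROUTE;
  return resolved.pathname + resolved.search + resolved.hash;
}

// Usage: route = safeReturnPath(new URLSearchParams(location.search).get('lastRoute'));
```

A pure allow-list of known application routes is stricter still and preferable when the set of valid destinations is small.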
