heheer

1 exploit Active since Jun 2025
CVE-2025-52552 WRITEUP MEDIUM WRITEUP
fastgpt < 4.9.12 - Open Redirect and DOM-based Cross-Site Scripting via LastRoute Parameter
FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to attacker-controlled sites. This issue has been patched in version 4.9.12.
CVSS 6.1