CVE-2025-62800 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth clien…
Medium CVSS: 5.3

CVE-2025-62800

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page (oauth_callback.py) where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScript execution in the callback server origin. The issue is fixed in version 2.13.0.
Vendor
Jlowin
Product
Fastmcp
CWE
CWE-79
Yayın Tarihi
2025-10-28 22:15:36
Güncelleme
2025-11-07 01:49:53
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-79 Fastmcp MEDIUM Jlowin 2025

Referanslar

https://github.com/jlowin/fastmcp/security/advisories/GHSA-mxxr-jv3v-6pgc https://github.com/jlowin/fastmcp/security/advisories/GHSA-mxxr-jv3v-6pgc