CVE-2025-62800
FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page oauth_callback.py, where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScri...
EUVD-2025-36568
FastMCP vulnerable to reflected XSS in client's callback page...
GHSA-MXXR-JV3V-6PGC FastMCP vulnerable to reflected XSS in client's callback page
Summary While setting up an OAuth client, it was noticed that the callback page hosted by the client during the flow embeds user-controlled content without escaping or sanitizing it. This leads to a reflected Cross-Site-Scripting vulnerability. Details The affected code is located in...
Cross-site Scripting (XSS)
Overview fastmcp is the fast, Pythonic way to build MCP servers and clients. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the create_callback_html function. An attacker can execute arbitrary JavaScript in the context of the callback server's origin by supplying...
CVE-2025-62800
FastMCP (Python framework for MCP apps) is affected prior to version 2.13.0 by a reflected XSS in the OAuth client callback page (oauth_callback.py). The vulnerability occurs when unescaped user-controlled values are inserted into the generated HTML, enabling arbitrary JavaScript execution in the...
PT-2025-44217
Name of the Vulnerable Software and Affected Versions FastMCP versions prior to 2.13.0 Description FastMCP, a framework for building MCP applications, is affected by a reflected cross-site scripting issue. The problem exists in the OAuth client callback page oauth_callback.py due to the insertion...
FastMCP cross-site scripting vulnerability
FastMCP is an MCP server builder by the individual developer Jeremiah Lowin. A cross-site scripting vulnerability exists in FastMCP versions prior to 2.13.0. It stems from unescaped user-controlled values on the OAuth client callback page, which could lead to reflected cross-site scripting...
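The entries above all describe the same bug class: a local OAuth callback page that interpolates query-string values (error, error_description, state) into generated HTML without escaping, so a crafted redirect runs script in the callback server's origin. The following is an added illustration written for this page, not FastMCP's code: the function names, page layout and sample URLs are assumptions, and the check is a crude string test rather than a browser.

```python
"""Reflected XSS in an OAuth callback page: vulnerable pattern and hardened form.

Added example. This is NOT FastMCP's oauth_callback.py; it models the bug the
advisories describe with assumed function names and an assumed page layout.
"""
from html import escape
from urllib.parse import parse_qs, urlsplit

# Constructed sample redirects to the client's loopback callback listener.
# The hostile one carries a script tag in error_description, percent-encoded
# exactly as a browser would send it.
SAMPLE_BENIGN = "http://127.0.0.1:8765/callback?code=abc123&state=xyz"
SAMPLE_HOSTILE = (
    "http://127.0.0.1:8765/callback?error=access_denied"
    "&error_description=%3Cscript%3Ealert(document.domain)%3C/script%3E"
)


def _params(url: str) -> dict:
    """Flatten the callback query string to single string values (assumed helper)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def create_callback_html_vulnerable(url: str) -> str:
    """Vulnerable pattern: raw query values are dropped straight into the markup.

    Anything the authorization server (or whoever steers the victim's browser
    to this URL) puts in error / error_description / state is rendered as HTML.
    """
    p = _params(url)
    if "error" in p:
        body = (f"<h1>Authorization failed</h1>"
                f"<p>{p['error']}: {p.get('error_description', '')}</p>")
    else:
        body = f"<h1>Authorization successful</h1><p>state: {p.get('state', '')}</p>"
    return f"<!doctype html><html><body>{body}</body></html>"


def create_callback_html_hardened(url: str) -> str:
    """Hardened pattern: every untrusted value is HTML-escaped before insertion.

    escape(..., quote=True) also encodes quotes, so the same helper is safe if a
    value ever lands in an attribute. A restrictive CSP meta tag is added as
    defence in depth; note the authorization code itself is never reflected.
    """
    p = _params(url)

    def e(key: str) -> str:
        return escape(p.get(key, ""), quote=True)

    if "error" in p:
        body = (f"<h1>Authorization failed</h1>"
                f"<p>{e('error')}: {e('error_description')}</p>")
    else:
        body = f"<h1>Authorization successful</h1><p>state: {e('state')}</p>"
    csp = '<meta http-equiv="Content-Security-Policy" content="default-src \'none\'">'
    return f"<!doctype html><html><head>{csp}</head><body>{body}</body></html>"


def contains_live_script(html: str) -> bool:
    """Crude check: does a literal <script tag survive into the rendered page?"""
    return "<script" in html.lower()


if __name__ == "__main__":
    for name, fn in (("vulnerable", create_callback_html_vulnerable),
                     ("hardened", create_callback_html_hardened)):
        print(f"{name:10s} reflects script: {contains_live_script(fn(SAMPLE_HOSTILE))}")
```

The escaped output renders the payload as visible text (`&lt;script&gt;...`) instead of executing it. Escaping at the point of insertion is the actual fix; the CSP line only limits the damage if some other sink is missed.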
Linux Distros Unpatched Vulnerability : CVE-2023-53717
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() Fix a stack-out-of-bounds write that occurs in a WMI response callback function that...
Linux Distros Unpatched Vulnerability : CVE-2025-11677
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the use...
SUSE CVE-2025-62409
Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but upstream data is...
EUVD-2022-54802
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Remove clk_disable in mtk_iommu_remove After the commit b34ea31fe013 "iommu/mediatek: Always enable the clk on resume", the iommu clock is controlled by the runtime callback. Thus remove the clk control in the...
EUVD-2023-60028
In the Linux kernel, the following vulnerability has been resolved: media: max9286: Fix memleak in max9286_v4l2_register There is a kmemleak when testing the media/i2c/max9286.c with bpf mock device: kmemleak: 5 new suspected memory leaks (see /sys/kernel/debug/kmemleak) unreferenced object...
UBUNTU-CVE-2023-53717
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a timeout occurs in ath9k_wmi_cmd(). The callback writes...
CVE-2023-53717 wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a timeout occurs in ath9k_wmi_cmd(). The callback writes...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a WMI response callback function writing to a stack-allocated buffer that is no longer valid after a timeout, which could...