@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +12 more potentially affected by CVE-2026-41391 via openclaw (>=2026.3.22 <=2026.3.28)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-41391 Source advisory: SNYK:JS-OPENCLAW-15899601...

EUVD-2025-41391

Malicious code in cici-tiwul10-riris npm...

CVE-2025-41391

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser...

CVE-2025-41391

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser...

CVE-2025-41391

creationtimestamp| type| source ---|---|--- 2025-07-31 07:47:43+00:00| seen| Telegram/5AHF6giI5d9hFeKfE8kOBfoGRFJ39nBRhajkmw2Ngr1-E...

CVE-2025-41391

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser...

CVE-2021-41391

In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover...

CVE-2022-41391

creationtimestamp| type| source ---|---|--- 2022-10-14 02:28:23+00:00| seen| https://t.me/cibsecurity/51379...

CVE-2022-41391

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php...

CVE-2022-41391

CVE-2022-41391 affects OcoMon v4.0, with a SQL injection in the showImg.php endpoint via the cod parameter. The root cause is unsafely handling user input in the SQL query, allowing attackers to craft requests that may compromise confidentiality, integrity, and availability (CVSS v3.1 base score ...

CVE-2021-41391

CVE-2021-41391 affects Ericsson ECM prior to 18.0. The Security Management Endpoint in the User Profile Management section is vulnerable to stored XSS via a name, enabling session hijacking and potential full account takeover. This vulnerability is documented across multiple sources (NVD entry wi...