GHSA-37GC-85XM-2WW6 OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection
Summary Stored XSS in the OpenClaw Control UI when rendering assistant identity name/avatar into an inline tag without script-context-safe escaping. A crafted value containing could break out of the script tag and execute attacker-controlled JavaScript in the Control UI origin. Affected Packages ...