Lucene search
K

3 matches found

Vulnrichment
Vulnrichment
added 2026/02/19 11:25 p.m.3 views

CVE-2026-27009 OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a atored XSS issue in the OpenClaw Control UI when rendering assistant identity name/avatar into an inline tag without script-context-safe escaping. A crafted value containing could break out of the script tag and execute...

5.8CVSS5.5AI score0.00228EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/19 11:25 p.m.25 views

CVE-2026-27009 OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a atored XSS issue in the OpenClaw Control UI when rendering assistant identity name/avatar into an inline tag without script-context-safe escaping. A crafted value containing could break out of the script tag and execute...

5.8CVSS0.00228EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/18 10:44 p.m.6 views

OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection

Summary Stored XSS in the OpenClaw Control UI when rendering assistant identity name/avatar into an inline tag without script-context-safe escaping. A crafted value containing could break out of the script tag and execute attacker-controlled JavaScript in the Control UI origin. Affected Packages ...

5.8CVSS5.8AI score0.00228EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder