7 matches found
OpenClaw Has Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config
Summary Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Real shipped malicious-workspace-config env injection in the CLI backend runner, fixed by sanitizing backend...
GHSA-VFW7-6RHC-6XXG OpenClaw Has Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config
Summary Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Real shipped malicious-workspace-config env injection in the CLI backend runner, fixed by sanitizing backend...
GHSA-2MWC-H2MG-V6P8 Bagisto has HTML Filter Bypass that Enables Stored XSS
Summary A stored Cross-Site Scripting XSS vulnerability exists in Bagisto 2.3.8 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST request before submission. As a result, arbitrary JavaScript can be...
SUSE CVE-2024-26482
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...
CVE-2024-26482
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...
Design/Logic Flaw
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...
CVE-2024-26482
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...