
5 matches found

CNVD
added 2026/03/02 12:0 a.m., 3 views

OpenClaw Cross-Site Request Forgery Vulnerability

OpenClaw is an open-source artificial intelligence assistant from OpenClaw. OpenClaw is affected by a cross-site request forgery vulnerability that stems from browser-facing localhost mutation routes accepting cross-origin browser requests without explicit Origin/Referer validation, which can be...

7.1 CVSS, 5.7 AI score, 0.0014 EPSS
Exploits 0, References 1
CNNVD
added 2026/02/19 12:0 a.m., 6 views

OpenClaw Cross-Site Request Forgery Vulnerability

OpenClaw is an open-source artificial intelligence assistant from OpenClaw. OpenClaw is affected by a cross-site request forgery vulnerability that stems from browser-facing localhost mutation routes accepting cross-origin browser requests without explicit Origin/Referer validation, which can be...

7.1 CVSS, 5.7 AI score, 0.0014 EPSS
Exploits 0, References 3
OSV
added 2026/02/18 12:53 a.m., 5 views

GHSA-3FQR-4CG8-H96Q: OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints

Summary: Browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. Impact: A malicious website can trigger unauthorized...

7.1 CVSS, 5.7 AI score, 0.0014 EPSS
Exploits 0, References 5
OSV
added 2025/12/10 7:16 p.m., 5 views

CVE-2025-34429

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...

7.1 CVSS, 6.9 AI score
Exploits 0, References 3
CVE
added 2025/10/29 5:49 p.m., 10 views

CVE-2025-62797

FluxCP CSRF in the FluxCP-based website template for rAthena servers (PHP) allows state-changing POST requests to be executed via a logged-in user without per-request anti-CSRF tokens or robust Origin/Referer validation. An attacker luring a user to a malicious page can force actions on the user’...

8.6 CVSS, 6.5 AI score, 0.00166 EPSS
Exploits 0, References 2