GHSA-r294-2894-92j3

Source
https://github.com/advisories/GHSA-r294-2894-92j3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-r294-2894-92j3/GHSA-r294-2894-92j3.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-r294-2894-92j3
Published
2026-03-03T22:09:26Z
Modified
2026-03-04T15:16:22.593407Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Summary
OpenClaw has stored XSS in exported session HTML viewer via markdown/raw-HTML rendering
Details

Summary

The exported session HTML viewer allowed stored XSS when untrusted session content included raw HTML markdown tokens or unescaped metadata fields.

Impact

Opening a crafted exported HTML session could execute attacker-controlled JavaScript in the viewer context. This can expose session content in the page and enable phishing or UI spoofing in the trusted export view.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: <= 2026.2.22-2
  • Patched version (released): >= 2026.2.23

Technical Details

The exporter rendered markdown with marked.parse(...) and inserted the result via innerHTML, but did not override the renderer's html token handler, so raw HTML in the session content (for example <img ... onerror=...>) was passed through unchanged. In addition, several tree/header metadata fields were interpolated into the export template without escaping.

Reproduction

  1. Create a session containing content like <img src=x onerror=alert(1)>.
  2. Export the session to HTML.
  3. Open the exported file.
  4. Observe script execution from injected content.

Remediation

  • Added a marked html(token) renderer override that escapes raw HTML tokens.
  • Escaped previously unescaped tree/header metadata fields in the export template.
  • Added image MIME sanitization for exported data-URL image rendering.
  • Added regression tests for markdown/token and metadata escaping paths.
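The three escaping steps listed in the remediation, written out as an added example (this is not OpenClaw's code and is not taken from the fix commit). It assumes the token-object signature of recent marked versions, where the html renderer receives { text, block }; older marked versions pass the raw string and a block flag instead. The names escapeHtml, safeRenderer, renderHeader and safeImageDataUrl, the metadata field names, and the sample token are all constructed for the example, which applies the override to a hand-built token so that it runs without loading marked.

```javascript
// Added example, not OpenClaw's code. Assumption: marked passes the html renderer
// a token object { text, block } (marked v13+); older versions pass (html, block).

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can break out of an HTML text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Renderer override in the shape marked expects: raw HTML tokens are emitted as
// escaped text instead of being passed through. Block-level tokens are wrapped in
// <p> so the content still shows up as a visible, inert paragraph.
const safeRenderer = {
  html(token) {
    const escaped = escapeHtml(token.text);
    return token.block ? `<p>${escaped}</p>\n` : escaped;
  },
};

// Header/tree metadata destined for the export template is escaped before
// interpolation; missing fields become an empty string. Field names are assumed.
function renderHeader(meta) {
  const title = escapeHtml(meta.title ?? '');
  const model = escapeHtml(meta.model ?? '');
  return `<h1 class="session-title">${title}</h1><div class="model">${model}</div>`;
}

// Only raster image MIME types are allowed in exported data: URLs. SVG is
// deliberately absent from the allowlist because it can carry script.
const IMAGE_MIME_ALLOWLIST = new Set(['image/png', 'image/jpeg', 'image/gif', 'image/webp']);

// Returns the URL when its declared MIME type is allowlisted, otherwise null.
function safeImageDataUrl(url) {
  const m = /^data:([a-z0-9.+-]+\/[a-z0-9.+-]+)(;base64)?,/i.exec(String(url));
  if (!m) return null;
  return IMAGE_MIME_ALLOWLIST.has(m[1].toLowerCase()) ? url : null;
}

// Constructed sample input mirroring the advisory's reproduction step.
const sampleToken = { text: '<img src=x onerror=alert(1)>', block: true };
const sampleMeta = { title: 'Session "demo" <script>alert(2)</script>', model: 'x' };

if (typeof require !== 'undefined' && require.main === module) {
  console.log(safeRenderer.html(sampleToken));
  console.log(renderHeader(sampleMeta));
  console.log(safeImageDataUrl('data:image/png;base64,iVBORw0KGgo='));
  console.log(safeImageDataUrl('data:text/html;base64,PHNjcmlwdD4='));
}
```

To wire the override into marked you would pass safeRenderer via marked.use({ renderer: safeRenderer }) before calling marked.parse; the MIME check should run on every image src the exporter emits, not only on markdown-sourced images, since the data URL path and the metadata path are separate injection points.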

Fix Commit(s)

  • f8524ec77a3999d573e6c6b8a5055bf35c49a2e6

Release Process Note

patched_versions is pre-set to the released version (>= 2026.2.23). This advisory now reflects released fix version 2026.2.23.

OpenClaw thanks @allsmog for reporting.

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T22:09:26Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "nvd_published_at": null
}
References

Affected packages

npm / openclaw

  • Range type: SEMVER
  • Introduced: 0 (unknown introduced version; all previous versions are affected)
  • Fixed: 2026.2.23

Database specific

  • source: "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-r294-2894-92j3/GHSA-r294-2894-92j3.json"