OpenClaw Session Export HTML Viewer Allows Malicious Code Execution

GHSA-r294-2894-92j3
Summary

OpenClaw's exported session HTML viewer has a stored cross-site scripting (XSS) flaw that lets attacker-controlled session content inject script into the exported page. If you use OpenClaw version 2026.2.22-2 or earlier, update to the latest version (2026.2.23 or later), which fixes the issue.

What to do
  • Update openclaw to version 2026.2.23.
Affected software
| Vendor | Product | Affected versions | Fix available |
| --- | --- | --- | --- |
| – | openclaw | <= 2026.2.23 | 2026.2.23 |
Original title
OpenClaw has stored XSS in exported session HTML viewer via markdown/raw-HTML rendering
Original description
## Summary

The exported session HTML viewer allowed stored XSS when untrusted session content included raw HTML markdown tokens or unescaped metadata fields.

## Impact

Opening a crafted exported HTML session could execute attacker-controlled JavaScript in the viewer context. This can expose session content in the page and enable phishing or UI spoofing in the trusted export view.

## Affected Packages / Versions

- Package: `openclaw` (npm)
- Affected versions: `<= 2026.2.22-2`
- Patched version (released): `>= 2026.2.23`

## Technical Details

The exporter rendered markdown with `marked.parse(...)` and inserted HTML via `innerHTML`, but did not override the `html` renderer token path. Raw HTML (for example `<img ... onerror=...>`) was passed through. Additional tree/header metadata fields were interpolated without escaping in the export template.

## Reproduction

1. Create a session containing content like `<img src=x onerror=alert(1)>`.
2. Export the session to HTML.
3. Open the exported file.
4. Observe script execution from injected content.

## Remediation

- Added a `marked` `html(token)` renderer override that escapes raw HTML tokens.
- Escaped previously unescaped tree/header metadata fields in the export template.
- Added image MIME sanitization for exported data-URL image rendering.
- Added regression tests for markdown/token and metadata escaping paths.
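The block below is an added example, not OpenClaw's code or the contents of the fix commit. It models the three remediation bullets above (an `html(token)` hook that escapes raw HTML tokens, escaping of header metadata before interpolation, and a MIME allowlist for data-URL images) against a constructed session shaped like the reproduction steps. `marked` itself is not loaded: `renderTokens` is a small stand-in for its token-to-HTML dispatch, and the hook shape `html(token)` with the raw markup in `token.text` is an assumption about marked's renderer API. All function names, the sample session and the sample data URLs are constructed.

```javascript
// Added example (not OpenClaw's code or its fix commit): models the remediation
// bullets for the exported-session viewer. marked is not loaded; renderTokens is
// a stand-in for its token dispatch, and the html(token) hook shape is assumed.

// Escape the characters that break out of text and attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// "Before": the default html hook passes raw HTML tokens straight through.
const passthroughRenderer = {
  html(token) {
    return token.text;
  },
};

// "After": the override turns raw HTML tokens into escaped text, so
// `<img ... onerror=...>` is displayed literally instead of being parsed.
const escapingRenderer = {
  html(token) {
    return escapeHtml(token.text);
  },
};

// Minimal stand-in for marked's token-to-HTML dispatch (constructed tokens;
// real marked would lex them out of the markdown string).
function renderTokens(tokens, renderer) {
  return tokens
    .map((t) => {
      if (t.type === "html") return renderer.html(t);
      if (t.type === "paragraph") return `<p>${escapeHtml(t.text)}</p>`;
      return "";
    })
    .join("");
}

// Data-URL images: only allow raster MIME types. image/svg+xml is deliberately
// absent because SVG documents can carry script. Anything that is not a data
// URL, or not an allowed type, is dropped (returns null).
const ALLOWED_IMAGE_MIME = new Set(["image/png", "image/jpeg", "image/gif", "image/webp"]);
function safeImageDataUrl(url) {
  const m = /^data:([a-z0-9.+-]+\/[a-z0-9.+-]+)(?:;base64)?,/i.exec(String(url));
  if (!m || !ALLOWED_IMAGE_MIME.has(m[1].toLowerCase())) return null;
  return url;
}

// Vulnerable shape: metadata interpolated unescaped, raw HTML passed through.
function exportSessionVulnerable(session) {
  const header = `<h1>${session.title}</h1>`;
  const body = session.messages
    .map((m) => `<div class="msg">${renderTokens(m.tokens, passthroughRenderer)}</div>`)
    .join("");
  return header + body;
}

// Hardened shape: every metadata field escaped, raw HTML tokens escaped, and
// only allowlisted data-URL images rendered.
function exportSessionHardened(session) {
  const header = `<h1>${escapeHtml(session.title)}</h1>`;
  const body = session.messages
    .map((m) => {
      const img = safeImageDataUrl(m.image);
      const imgHtml = img ? `<img src="${escapeHtml(img)}">` : "";
      return `<div class="msg">${renderTokens(m.tokens, escapingRenderer)}${imgHtml}</div>`;
    })
    .join("");
  return header + body;
}

// Constructed sample session mirroring the reproduction steps.
const sampleSession = {
  title: 'Weekly sync <script>alert("title")</script>',
  messages: [
    {
      tokens: [
        { type: "paragraph", text: "hello" },
        { type: "html", text: "<img src=x onerror=alert(1)>" },
      ],
      image: "data:text/html,<script>alert(2)</script>",
    },
  ],
};

if (typeof require !== "undefined" && require.main === module) {
  console.log(exportSessionVulnerable(sampleSession));
  console.log(exportSessionHardened(sampleSession));
}
```

The design point is that escaping happens at every sink that feeds `innerHTML`: the markdown renderer's raw-HTML path, each interpolated metadata field, and the image `src`. Escaping the token rather than stripping it keeps the user's original text visible in the export, which is what a session viewer wants, while denying the browser anything to parse as markup.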

## Fix Commit(s)

- `f8524ec77a3999d573e6c6b8a5055bf35c49a2e6`

## Release Process Note

`patched_versions` is pre-set to the released version (`>= 2026.2.23`). This advisory now reflects released fix version `2026.2.23`.

OpenClaw thanks @allsmog for reporting.
Source: GHSA · CVSS 4.0 score: 5.3
Vulnerability type
CWE-79 Cross-site Scripting (XSS)
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026