PT-2026-25414 · Npm · Openclaw

Published

2026-03-03

·

Updated

2026-03-03

CVSS v4.0

2.4

Low

Vector

AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Summary

The HTML session exporter (src/auto-reply/reply/export-html/template.js) interpolates img.mimeType directly into <img src="data:..."> attributes without validation or escaping. A crafted mimeType value (e.g., x" onerror="alert(1)) can break out of the attribute context and execute arbitrary JavaScript.

Impact

An attacker who can control image entries in session data (via crafted tool results or session manipulation) can achieve XSS when the exported HTML is opened. The precondition is tighter than the main XSS finding (requires image content blocks with a malicious mimeType), but exploitation is straightforward.

Affected components

  • src/auto-reply/reply/export-html/template.js — line 1032 (tool result images), line 1306 (user message images)

Reproduction

  1. Craft a session entry with an image content block where mimeType is set to image/png" onerror="alert(document.domain)
  2. Export the session to HTML
  3. Open the exported HTML — the injected onerror fires

Remediation

  • Added sanitizeImageMimeType() helper that validates mimeType against a whitelist of known image MIME types
  • Falls back to application/octet-stream for unrecognized values, preventing attribute breakout
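As an added illustration of the remediation (example code, not OpenClaw's own; the `sanitizeImageMimeType` body, the allowlist contents and the two render helpers are assumptions), the raw interpolation described above sits beside the allowlisted version, and both are checked against the payload from the reproduction steps:

```javascript
// Added example (not OpenClaw's code): model of the vulnerable interpolation
// in template.js and a hardened version that allowlists the MIME type.

// Assumed allowlist of image MIME types the exporter is willing to emit.
const IMAGE_MIME_ALLOWLIST = new Set([
  "image/png", "image/jpeg", "image/gif", "image/webp",
]);

// Hypothetical helper matching the advisory's remediation: accept only
// known image MIME types, otherwise fall back to application/octet-stream
// so no attacker-controlled characters can reach the attribute.
function sanitizeImageMimeType(mimeType) {
  const value = (mimeType == null ? "" : String(mimeType)).trim().toLowerCase();
  return IMAGE_MIME_ALLOWLIST.has(value) ? value : "application/octet-stream";
}

// Vulnerable pattern as described: img.mimeType goes straight into src.
function renderImgVulnerable(img) {
  return `<img src="data:${img.mimeType};base64,${img.data}">`;
}

// Hardened pattern: only a literal from the allowlist (or the fallback)
// is interpolated, so the attribute context cannot be broken out of.
function renderImgHardened(img) {
  const mime = sanitizeImageMimeType(img.mimeType);
  return `<img src="data:${mime};base64,${img.data}">`;
}

// Constructed session image entry using the payload from the reproduction
// steps; the base64 body is a truncated PNG header, not a real image.
const craftedImage = {
  mimeType: 'image/png" onerror="alert(document.domain)',
  data: "iVBORw0KGgo=",
};

// Detection check usable in a unit test: does an event-handler attribute
// appear anywhere in the rendered markup?
function hasAttributeBreakout(html) {
  return /\bonerror\s*=/i.test(html);
}
```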

Fix

XSS

Weakness Enumeration

Related Identifiers

GHSA-2WW6-868G-2C56

Affected Products

Openclaw