GitHub

Unauthenticated arbitrary S3 object write via unsanitized fileName in generate-upload-url (stored XSS / content hosting)

Stored XSS: an attacker uploads …/payload.html with Content-Type: text/html and a <script> body; it is served verbatim from the file URL. Where bot file URLs are served from a subdomain of / proxied ...
GitHub

Sehab121/awesome-openclaw-skills-CN

Discover and access 2,868 categorized OpenClaw skills with Chinese support, easing development without language barriers or complex setup. - Sehab121/awesome-openclaw-skills-CN ...