#xss-vulnerability

1. Critical Security Flaw Exposes LLM API Keys Stored in Plain Text via localStorage Vulnerability

A documented security vulnerability in the glowos project leaves LLM API keys exposed in plain text within browser localStorage, creating an immediate attack surface for any cross-site scripting (XSS) exploit. The keys are persisted through the zustand state management library using its persist middleware, which writes...