9 matches found

Github Security Blog
added 2026/06/16 10:39 p.m. · 6 views

n8n: Stored XSS in Chat Trigger Node

Impact: An authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the injected code executed in the n8n origin with that user's session privileges. Patches: T...

7 CVSS · 5.6 AI score · 0.00038 EPSS
Exploits 0 · References 2 · Affected Software 1
Snyk
added 2025/09/15 5:43 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the initialMessages parameter in the LangChain Chat Trigger node. An attacker can execute arbitrary JavaScript in the browser of users who visit a crafted public chat URL by...

6.1 CVSS · 5.3 AI score · 0.00222 EPSS
Exploits 0 · References 2
Snyk
added 2025/09/15 5:43 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: n8n-nodes-base is a Base nodes of n8n. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the initialMessages parameter in the LangChain Chat Trigger node. An attacker can execute arbitrary JavaScript in the browser of users who visit a crafted public chat UR...

6.1 CVSS · 5.3 AI score · 0.00222 EPSS
Exploits 0 · References 2
OSV
added 2025/02/20 10:31 a.m. · 13 views

BIT-DISCOURSE-2024-53994 Potential bypass of chat permissions in Discourse

Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable...

4.3 CVSS · 4.8 AI score · 0.00265 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/02/04 9:12 p.m. · 9 views

CVE-2024-53994 Potential bypass of chat permissions in Discourse

Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable...

4.3 CVSS · 6.6 AI score · 0.00265 EPSS
Exploits 0 · References 1
Cvelist
added 2025/02/04 9:12 p.m. · 26 views

CVE-2024-53994 Potential bypass of chat permissions in Discourse

Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable...

4.3 CVSS · 0.00265 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/02/04 12:0 a.m. · 3 views

PT-2025-3011 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest version
Description: The issue affects users who disable chat in preferences but could still be reachable in some cases. The estimated number of potentially affected devices worldwide is not available...

4.3 CVSS · 6.5 AI score · 0.00265 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/02/13 12:0 a.m. · 5 views

PT-2024-2687 · Zoom · Zoom Desktop Client For Windows +2

Name of the Vulnerable Software and Affected Versions: Zoom Desktop Client for Windows (affected versions not specified); Zoom VDI Client for Windows (affected versions not specified); Zoom Meeting SDK for Windows (affected versions not specified)
Description: The issue is related to improper input...

6.8 CVSS · 6.7 AI score · 0.00803 EPSS
Exploits 0 · References 7
Positive Technologies
added 2022/12/02 12:0 a.m. · 3 views

PT-2022-27355 · Webtareas · Webtareas

Name of the Vulnerable Software and Affected Versions: webtareas version 2.4p5
Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field in the Chat function. This enables the execution of malicious code, potentially...

5.4 CVSS · 5.5 AI score · 0.00405 EPSS
Exploits 1 · References 5