22 matches found
n8n has a Stored XSS Vulnerability in its Form Trigger
Impact An authenticated user with permission to create or modify workflows could exploit a flaw in the Form Trigger node's CSS sanitization to store a cross-site scripting XSS payload. The injected script executes persistently for every visitor of the published form, enabling form submission...
Cross-site Scripting (XSS)
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Form Trigger node. An attacker can execute arbitrary scripts in the context of users visiting a published form by injecting malicious payloads, potentially leading t...
GHSA-Q4FM-PJQ6-M63G n8n has a Stored XSS Vulnerability in its Form Trigger
Impact An authenticated user with permission to create or modify workflows could exploit a flaw in the Form Trigger node's CSS sanitization to store a cross-site scripting XSS payload. The injected script executes persistently for every visitor of the published form, enabling form submission...
CVE-2026-27578
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes Form Trigger...
CVE-2026-27578 n8n Vulnerable to Stored XSS via Various Nodes
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes Form Trigger...
CVE-2026-27578
Summary of CVE-2026-27578 (n8n): An authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by n8n across multiple nodes (Form Trigger, Chat Trigger, Send & Wait, Webhook, Chat Node). This leads to client-side script execution in other u...
Cross-site Scripting (XSS)
Overview @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the workflow creation and editing process in various nodes, including Form Trigger, Chat Trigger, Send & Wait, Webhook, and Chat nodes. An attacker can execute arbitrary scripts...
GHSA-2P9H-RQJW-GM92 n8n Vulnerable to Stored XSS via Various Nodes
Impact An authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes Form Trigger node, Chat Trigger node, Send & Wait node, Webhook Node, and Chat Node. Scripts injected by...
Exploit for Improper Input Validation in N8N
CVE-2026-21858 + CVE-2025-68613 - n8n RCE Exploit Unauthentic...
EUVD-2025-25193
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
n8n is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied HTML input due to malicious payloads being injected via or elements in the Form Trigger node, allowing account takeover through stolen session cookies...
CVE-2025-52478
n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting XSS vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes...
CVE-2025-52478
n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting XSS vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes...
CVE-2025-52478 Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source
n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting XSS vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes...
CVE-2025-52478 Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source
n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting XSS vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes...
CVE-2025-52478
CVE-2025-52478 is a stored XSS in the n8n Form Trigger HTML element affecting versions 1.77.0 up to before 1.98.2. An authenticated attacker can inject malicious HTML via an with a srcdoc payload or through with a using onerror, enabling exfiltration of cookies/browser identifiers and enabling...
CVE-2025-52478 Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source
n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting XSS vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes...
GHSA-HFMV-HHH3-43F2 Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source
Impact A stored Cross-Site Scripting XSS vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes arbitrary JavaScript execution. The attacker can also inject...
Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source
Impact A stored Cross-Site Scripting XSS vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes arbitrary JavaScript execution. The attacker can also inject...
Cross-site Scripting (XSS)
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Cross-site Scripting XSS via the HTML form element on the Form Trigger node. An authenticated attacker can execute arbitrary JavaScript code in the context of authenticated users by injecting...