15 matches found
CVE-2026-54301
Summary: CVE-2026-54301 affects n8n prior to certain fixes. An authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type, bypassing the central Content-Security-Policy sandbox header. This allowed a publ...
n8n: Same-Origin XSS in Respond to Webhook Node
Impact An authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central Content-Security-Policy sandbox header, allowing a public webhook to execute JavaScript ...
NPM: n8n: Same-Origin XSS in Respond to Webhook Node
NPM: n8n: Same-Origin XSS in Respond to Webhook Node vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...
PT-2026-50167
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.55 n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authenticated user with workflow edit access can configure a 'Respond to Webhook' node to serve binary content using an attacker-controlled...
Stored Cross-Site Scripting (XSS)
n8n is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sandbox enforcement when the “Respond to Webhook” node returns HTML content with executable scripts, which allows an attacker with workflow creation privileges to execute arbitrary JavaScript in the context...
CVE-2025-61914
n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting XSS vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the...
CVE-2025-61914 n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox
n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting XSS vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the...
CVE-2025-61914
Summary: CVE-2025-61914 affects n8n before version 1.114.0, where a stored XSS in the “Respond to Webhook” node could execute malicious JavaScript in the editor interface. The root cause is HTML responses with executable scripts not sandboxed as in 1.103.0, enabling a user with workflow creation ...
CVE-2025-61914 n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox
n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting XSS vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the...
CVE-2025-61914 n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox
n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting XSS vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the...
Cross-site Scripting (XSS)
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Respond to Webhook node when it responds with HTML content containing executable scripts. An attacker can execute arbitrary JavaScript in the context of the editor...
n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox
Summary A stored Cross-Site Scripting XSS vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the top-level window, rather than within the expected sandbox introduced ...
GHSA-58JC-RCG5-95F3 n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox
Summary A stored Cross-Site Scripting XSS vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the top-level window, rather than within the expected sandbox introduced ...
PT-2025-53603
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.114.0 Description n8n is a workflow automation platform. A stored Cross-Site Scripting XSS issue may occur when using the “Respond to Webhook” node in versions before 1.114.0. If this node responds with HTML content...
n8n 跨站脚本漏洞
n8n is a scalable workflow automation tool from n8n open source. A cross-site scripting vulnerability exists in versions prior to n8n 1.114.0 that stems from the Respond to Webhook node not being properly sandboxed when processing HTML content, which could lead to an attacker with workflow creati...