4 matches found
Cross-site Scripting (XSS)
n8n is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper MIME type handling in the attachments view endpoint, allowing malicious files to be interpreted as HTML and executed in the browser...
CVE-2025-46343 n8n Vulnerable to Stored XSS through Attachments View Endpoint
n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting XSS through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME typ...
CVE-2025-46343 n8n Vulnerable to Stored XSS through Attachments View Endpoint
n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting XSS through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME typ...
CVE-2025-46343 n8n Vulnerable to Stored XSS through Attachments View Endpoint
n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting XSS through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME typ...