10 matches found
CVE-2025-52478
n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting XSS vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes...
CVE-2025-52478 Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source
n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting XSS vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes...
Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source
Impact A stored Cross-Site Scripting XSS vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes arbitrary JavaScript execution. The attacker can also inject...
Linux Distros Unpatched Vulnerability : CVE-2025-6425
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between...
firefox: thunderbird: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser and persisted between containers and...
firefox: thunderbird: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser and persisted between containers and...
firefox: thunderbird: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser and persisted between containers and...
firefox: thunderbird: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser and persisted between containers and...
CVE-2025-6425
An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12,...
UBUNTU-CVE-2025-6425
An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR...