Lucene search
K

6 matches found

Snyk
Snyk
added 2026/06/23 7:20 p.m.11 views

Cross-site Scripting (XSS)

Overview @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the webhookId parameter in the Chat Trigger node. An attacker can execute arbitrary JavaScript in the context of another user's session by injecting malicious code, which is the...

7CVSS5.9AI score0.0021EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 3:46 p.m.32 views

CVE-2026-54302 n8n: Stored XSS in Chat Trigger Node

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the...

7CVSS0.0021EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/16 10:39 p.m.8 views

n8n: Stored XSS in Chat Trigger Node

Impact An authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the injected code executed in the n8n origin with that user's session privileges. Patches T...

7CVSS5.6AI score0.0021EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/03/27 6:6 p.m.6 views

Cross-site Scripting (XSS)

Overview @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Custom CSS field in the Chat Trigger node due to improper sanitization in the sanitize-html library. An authenticated user with permission to create or modify workflows and...

5.4CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2026/02/25 11:16 p.m.5 views

CVE-2026-27578

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes Form Trigger...

8.5CVSS0.00185EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/25 10:40 p.m.20 views

CVE-2026-27578 n8n Vulnerable to Stored XSS via Various Nodes

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes Form Trigger...

8.5CVSS0.00185EPSS
Exploits0References4
Rows per page
Query Builder