2 matches found
Cross-site Scripting (XSS)
Overview @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Custom CSS field in the Chat Trigger node due to improper sanitization in the sanitize-html library. An authenticated user with permission to create or modify workflows and...
FooGallery < 2.0.35 - Authenticated Stored Cross-Site Scripting
In the plugin, the Custom CSS field of each gallery is not properly sanitised or validated before being output in the page where the gallery is embedded, leading to a stored Cross-Site Scripting issue. PoC Create or edit a gallery and add the following payload in the Custom CSS field:...