4 matches found
CVE-2025-46343
n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting XSS through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME typ...
CVE-2025-46343
creationtimestamp| type| source ---|---|--- 2025-04-29 05:11:28+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13787 2025-04-29 07:50:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lnwsbufr4n2v 2025-04-29 08:28:14+00:00| seen|...
CVE-2025-46343
CVE-2025-46343 affects n8n prior to 1.90.0. The issue is stored XSS via the attachments view endpoint where uploaded binaries are served with an attacker-controlled MIME type. An authenticated member could upload an HTML file and, when a user requests the binary with MIME type text/html, the scri...
@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by CVE-2025-46343 via n8n (>=0.138.0 <=0.93.0)
n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: CVE-2025-46343 Source advisory: OSV:GHSA-C8HM-HR8H-5XJW...