Lucene search
+L

4 matches found

NVD
NVD
added 2025/04/29 5:15 a.m.37 views

CVE-2025-46343

n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting XSS through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME typ...

5.4CVSS0.00217EPSS
Exploits0References4
Circl
Circl
added 2025/04/29 5:11 a.m.10 views

CVE-2025-46343

creationtimestamp| type| source ---|---|--- 2025-04-29 05:11:28+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13787 2025-04-29 07:50:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lnwsbufr4n2v 2025-04-29 08:28:14+00:00| seen|...

5.4CVSS4.8AI score0.00217EPSS
Exploits0References3
CVE
CVE
added 2025/04/29 4:35 a.m.93 views

CVE-2025-46343

CVE-2025-46343 affects n8n prior to 1.90.0. The issue is stored XSS via the attachments view endpoint where uploaded binaries are served with an attacker-controlled MIME type. An authenticated member could upload an HTML file and, when a user requests the binary with MIME type text/html, the scri...

5.4CVSS4.7AI score0.00217EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2025/04/28 9:2 p.m.10 views

@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by CVE-2025-46343 via n8n (>=0.138.0 <=0.93.0)

n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: CVE-2025-46343 Source advisory: OSV:GHSA-C8HM-HR8H-5XJW...

5.4CVSS5.8AI score0.00217EPSS
Exploits0
Rows per page
Query Builder