3 matches found
CVE-2026-56358
n8n before 1.123.25 1.x and before 2.11.2 2.x, with the fix also included in 2.12.0, contains a stored cross-site scripting vulnerability in the Form Trigger node's CSS sanitization that allows authenticated users to inject malicious scripts. Attackers with workflow creation permissions can injec...
GHSA-Q4FM-PJQ6-M63G n8n has a Stored XSS Vulnerability in its Form Trigger
Impact An authenticated user with permission to create or modify workflows could exploit a flaw in the Form Trigger node's CSS sanitization to store a cross-site scripting XSS payload. The injected script executes persistently for every visitor of the published form, enabling form submission...
PT-2024-20860 · Unknown · 3Dsecure 2.0
Name of the Vulnerable Software and Affected Versions: 3DSecure 2.0 versions 3 and earlier Description: The issue allows form action hijacking via the threeDsMethod.jsp endpoint with the threeDSMethodData parameter or the threeDSMethodNotificationURL parameter. This enables modification of the...