2 matches found
GHSA-Q4FM-PJQ6-M63G · n8n has a Stored XSS Vulnerability in its Form Trigger
Impact: An authenticated user with permission to create or modify workflows could exploit a flaw in the Form Trigger node's CSS sanitization to store a cross-site scripting (XSS) payload. The injected script executes persistently for every visitor of the published form, enabling form submission...
PT-2024-20860 · Unknown · 3Dsecure 2.0
Name of the Vulnerable Software and Affected Versions: 3DSecure 2.0 versions 3 and earlier
Description: The issue allows form action hijacking via the threeDsMethod.jsp endpoint with the threeDSMethodData parameter or the threeDSMethodNotificationURL parameter. This enables modification of the...