
135 matches found

CVE
added 2026/02/06 7:3 p.m. | 8 views

CVE-2026-25647

Lute

CVSS 5.4 | AI score 5.5 | EPSS 0.00016
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/02/06 12:0 a.m. | 2 views

PT-2026-6776

Name of the Vulnerable Software and Affected Versions: Lute versions prior to 1.7.7. Description: Lute, a structured Markdown engine supporting Go and JavaScript, contains a Stored Cross-Site Scripting (XSS) issue in its Markdown rendering engine. An attacker can inject malicious JavaScript into...

CVSS 4.6 | AI score 5.5 | EPSS 0.00016
Exploits: 1 | References: 6

RedhatCVE
added 2026/02/05 7:23 p.m. | 4 views

CVE-2026-25054

n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...

CVSS 8.5 | AI score 5.4 | EPSS 0.00016
Exploits: 0 | References: 1

Snyk
added 2026/02/04 7:35 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: @n8n/design-system is a Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the markdown rendering process in the workflow user interface. An attacker can execute arbitrary scripts in the context of another user's session by crafting malicious markdown conten...

CVSS 8.5 | AI score 5.5 | EPSS 0.00016
Exploits: 0 | References: 2

OSV
added 2026/02/04 7:35 p.m. | 2 views

GHSA-QPQ4-PW7F-PP8W n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI

Impact: A Cross-site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts...

CVSS 8.5 | AI score 5.5 | EPSS 0.00016
Exploits: 0 | References: 3

Github Security Blog
added 2026/02/04 7:35 p.m. | 6 views

n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI

Impact: A Cross-site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts...

CVSS 8.5 | AI score 5.5 | EPSS 0.00016
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2026/02/04 5:16 p.m. | 1 view

CVE-2026-25054

n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...

CVSS 8.5 | EPSS 0.00016
Exploits: 0 | References: 1

CVE
added 2026/02/04 4:47 p.m. | 9 views

CVE-2026-25054

CVE-2026-25054 affects n8n, an open source workflow automation platform. The vulnerability is a stored Cross-site Scripting (XSS) in the markdown rendering component used in the UI (including workflow sticky notes and other markdown areas). An authenticated user with permission to create/modify w...

CVSS 8.5 | AI score 5.4 | EPSS 0.00016
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/02/04 4:47 p.m. | 25 views

CVE-2026-25054 n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI

n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...

CVSS 8.5 | EPSS 0.00016
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/04 4:47 p.m. | 2 views

CVE-2026-25054 n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI

n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...

CVSS 8.5 | AI score 5.4 | EPSS 0.00016
Exploits: 0 | References: 1

OSV
added 2026/02/04 4:47 p.m. | 4 views

CVE-2026-25054 n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI

n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...

CVSS 8.5 | AI score 5.5 | EPSS 0.00016
Exploits: 0 | References: 3

EUVD
added 2026/02/04 4:47 p.m. | 3 views

EUVD-2026-5417

n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...

CVSS 8.5 | AI score 5.4 | EPSS 0.00016
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/04 12:0 a.m. | 3 views

PT-2026-6263

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.9; n8n versions prior to 2.2.1. Description: n8n is a workflow automation platform. A Cross-Site Scripting (XSS) issue existed in a markdown rendering component within the n8n interface, affecting areas that support...

CVSS 8.5 | AI score 5.5 | EPSS 0.00016
Exploits: 0 | References: 9

CNNVD
added 2026/02/04 12:0 a.m. | 4 views

n8n Security Vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.9 and 2.2.1 contained security vulnerabilities. These vulnerabilities were due to improper handling of the Markdown rendering component, which could lead to cross-site scripting attacks,...

CVSS 8.5 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 2

EUVD
added 2026/01/21 1:2 a.m. | 4 views

EUVD-2026-3292

SiYuan vulnerable to Arbitrary file Read / SSRF...

CVSS 8.8 | AI score 5.3 | EPSS 0.001
Exploits: 1 | References: 7

CVE
added 2026/01/19 7:52 p.m. | 19 views

CVE-2026-23850

SiYuan vulnerable to SSRF/LFD via createDocWithMd: unsanitized markdown can reach local files or internal resources. Affected versions prior to 3.5.4; fix is 3.5.4+. Public sources (OSV, GHSA, Snyk, Red Hat) describe SSRF through markdown handling in kernel/model/file.go and kernel/api/filetree.g...

CVSS 8.8 | AI score 5.6 | EPSS 0.001
Exploits: 1 | References: 6 | Affected Software: 1

Positive Technologies
added 2026/01/12 12:0 a.m. | 2 views

PT-2026-2316

Name of the Vulnerable Software and Affected Versions: OpenCode versions prior to 1.1.10. Description: The software is an open source AI coding agent. The markdown renderer used for responses from large language models inserts arbitrary HTML into the Document Object Model (DOM) without sanitization...

CVSS 9.4 | AI score 6.8 | EPSS 0.00043
Exploits: 1 | References: 14

Github Security Blog
added 2026/01/08 8:8 p.m. | 9 views

NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links

Summary: An unsafe implementation in the click event listener used by `ui.sub_pages`, combined with attacker-controlled link rendering on the page, causes an XSS when the user actively clicks on the link. Details: 1. On click, eventually subpagesnavigate event is emitted...

CVSS 6.1 | AI score 6.3 | EPSS 0.00009
Exploits: 1 | References: 4 | Affected Software: 1

RedhatCVE
added 2025/12/09 12:29 p.m. | 3 views

CVE-2025-42620

In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting (XSS). On the backend, the relatedvulnerabilities field of bundles accepted arbitrary strings without format validation or proper...

CVSS 8.3 | AI score 6.1 | EPSS 0.0005
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/06 6:44 p.m. | 3 views

CVE-2025-66562

TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution (RCE) vulnerability exists in Tuui due to an unsafe Cross-Site Scripting (XSS) flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...

CVSS 8.9 | AI score 7.2 | EPSS 0.00156
Exploits: 0 | References: 1