n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS
Impact A Cross-site Scripting XSS vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy CSP sandbox protection intended to isolate HTML responses may not be applied correctly. An authenticated user...