6 matches found
CVE-2026-54302
CVE-2026-54302 — n8n: Stored XSS in Chat Trigger Node . An authenticated user with workflow edit access could inject JavaScript into the Chat Trigger page by setting a malicious webhookId. When a logged-in user visited the chat URL, the code executed in the n8n origin under that user’s session. A...
NPM: n8n: Stored XSS in Chat Trigger Node
NPM: n8n: Stored XSS in Chat Trigger Node vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...
GHSA-V2X8-97XQ-8XRR N8N's Chat Trigger component is vulnerable to XSS
An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file...
N8N's Chat Trigger component is vulnerable to XSS
An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file...
CVE-2025-56265
An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file...
PT-2025-36488
Name of the Vulnerable Software and Affected Versions: N8N versions 1.95.3, 1.100.1, and 1.101.1 Description: An arbitrary file upload vulnerability exists in the Chat Trigger component of N8N. This allows attackers to execute arbitrary code by uploading a crafted HTML file. Recommendations: Upda...