Lucene search
K

6 matches found

CVE
CVE
added 2026/06/23 3:46 p.m.13 views

CVE-2026-54302

CVE-2026-54302 — n8n: Stored XSS in Chat Trigger Node . An authenticated user with workflow edit access could inject JavaScript into the Chat Trigger page by setting a malicious webhookId. When a logged-in user visited the chat URL, the code executed in the n8n origin under that user’s session. A...

7CVSS6AI score0.0021EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/16 10:39 p.m.3 views

NPM: n8n: Stored XSS in Chat Trigger Node

NPM: n8n: Stored XSS in Chat Trigger Node vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...

7CVSS5.8AI score0.0021EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/09/08 6:31 p.m.5 views

GHSA-V2X8-97XQ-8XRR N8N's Chat Trigger component is vulnerable to XSS

An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file...

8.8CVSS7.8AI score0.00557EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2025/09/08 6:31 p.m.12 views

N8N's Chat Trigger component is vulnerable to XSS

An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file...

8.8CVSS7.8AI score0.00557EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2025/09/08 6:15 p.m.22 views

CVE-2025-56265

An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file...

8.8CVSS0.00557EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.7 views

PT-2025-36488

Name of the Vulnerable Software and Affected Versions: N8N versions 1.95.3, 1.100.1, and 1.101.1 Description: An arbitrary file upload vulnerability exists in the Chat Trigger component of N8N. This allows attackers to execute arbitrary code by uploading a crafted HTML file. Recommendations: Upda...

8.8CVSS7.2AI score0.00557EPSS
Exploits1References12
Rows per page
Query Builder