Lucene search

5 matches found

Snyk
added 2026/04/29 9:23 p.m., 2 views

Cross-site Scripting (XSS)

Overview: n8n-editor-ui is a Workflow Editor UI for n8n. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the clientname parameter in the MCP OAuth client registration process. An attacker can execute arbitrary JavaScript in a victim's authenticated browser session b...

CVSS 9.6, AI score 5.8, EPSS 0.00115
Exploits: 0, References: 2

Snyk
added 2026/04/29 9:10 p.m., 3 views

Open Redirect

Overview: n8n-editor-ui is a Workflow Editor UI for n8n. Affected versions of this package are vulnerable to Open Redirect via the handleDeny process. An attacker can redirect users to an external, attacker-controlled site by registering arbitrary redirecturi values and enticing victims to interact...

CVSS 6.1, AI score 5.9, EPSS 0.00056
Exploits: 0, References: 2

Vulnrichment
added 2025/12/26 9:48 p.m., 4 views

CVE-2025-61914 n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox

n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting (XSS) vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the...

CVSS 7.3, AI score 5.5, EPSS 0.00008
Exploits: 0, References: 1

CVE
added 2025/12/26 9:48 p.m., 11 views

CVE-2025-61914

Summary: CVE-2025-61914 affects n8n before version 1.114.0, where a stored XSS in the “Respond to Webhook” node could execute malicious JavaScript in the editor interface. The root cause is HTML responses with executable scripts not sandboxed as in 1.103.0, enabling a user with workflow creation ...

CVSS 7.3, AI score 5.5, EPSS 0.00008
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2025/12/26 12:0 a.m., 2 views

PT-2025-53603

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.114.0. Description: n8n is a workflow automation platform. A stored Cross-Site Scripting (XSS) issue may occur when using the “Respond to Webhook” node in versions before 1.114.0. If this node responds with HTML content...

CVSS 7.3, AI score 5.8, EPSS 0.00008
Exploits: 0, References: 7