Lucene search
K

19 matches found

CVE
CVE
added 2026/06/23 3:44 p.m.15 views

CVE-2026-54301

Summary: CVE-2026-54301 affects n8n prior to certain fixes. An authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type, bypassing the central Content-Security-Policy sandbox header. This allowed a publ...

7CVSS5.9AI score0.00216EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/16 7:0 p.m.4 views

NPM: n8n: Same-Origin XSS in Respond to Webhook Node

NPM: n8n: Same-Origin XSS in Respond to Webhook Node vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...

7CVSS5.8AI score0.00216EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:0 p.m.8 views

n8n: Same-Origin XSS in Respond to Webhook Node

Impact An authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central Content-Security-Policy sandbox header, allowing a public webhook to execute JavaScript ...

7CVSS5.6AI score0.00216EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-50167

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.55 n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authenticated user with workflow edit access can configure a 'Respond to Webhook' node to serve binary content using an attacker-controlled...

7.6CVSS5.9AI score0.00216EPSS
Exploits0References6
Veracode
Veracode
added 2026/01/12 10:40 a.m.10 views

Stored Cross-Site Scripting (XSS)

n8n is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sandbox enforcement when the “Respond to Webhook” node returns HTML content with executable scripts, which allows an attacker with workflow creation privileges to execute arbitrary JavaScript in the context...

7.3CVSS6.1AI score0.00217EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/29 5:54 a.m.13 views

CVE-2025-61914

n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting XSS vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the...

7.3CVSS5.9AI score0.00217EPSS
Exploits0References1
CVE
CVE
added 2025/12/26 9:48 p.m.16 views

CVE-2025-61914

Summary: CVE-2025-61914 affects n8n before version 1.114.0, where a stored XSS in the “Respond to Webhook” node could execute malicious JavaScript in the editor interface. The root cause is HTML responses with executable scripts not sandboxed as in 1.103.0, enabling a user with workflow creation ...

7.3CVSS5.5AI score0.00217EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/26 9:48 p.m.22 views

CVE-2025-61914 n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox

n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting XSS vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the...

7.3CVSS0.00217EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/26 9:48 p.m.4 views

CVE-2025-61914 n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox

n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting XSS vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the...

7.3CVSS5.5AI score0.00217EPSS
Exploits0References1
OSV
OSV
added 2025/12/26 9:48 p.m.7 views

CVE-2025-61914 n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox

n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting XSS vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the...

7.3CVSS5.9AI score0.00217EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/26 5:30 p.m.4 views

Cross-site Scripting (XSS)

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Respond to Webhook node when it responds with HTML content containing executable scripts. An attacker can execute arbitrary JavaScript in the context of the editor...

7.3CVSS5.5AI score0.00217EPSS
Exploits0References2
OSV
OSV
added 2025/12/26 5:30 p.m.5 views

GHSA-58JC-RCG5-95F3 n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox

Summary A stored Cross-Site Scripting XSS vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the top-level window, rather than within the expected sandbox introduced ...

7.3CVSS6.1AI score0.00217EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/12/26 5:30 p.m.11 views

n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox

Summary A stored Cross-Site Scripting XSS vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the top-level window, rather than within the expected sandbox introduced ...

7.3CVSS6.2AI score0.00217EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/12/26 12:0 a.m.4 views

n8n 跨站脚本漏洞

n8n is a scalable workflow automation tool from n8n open source. A cross-site scripting vulnerability exists in versions prior to n8n 1.114.0 that stems from the Respond to Webhook node not being properly sandboxed when processing HTML content, which could lead to an attacker with workflow creati...

7.3CVSS5.8AI score0.00217EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.5 views

PT-2025-53603

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.114.0 Description n8n is a workflow automation platform. A stored Cross-Site Scripting XSS issue may occur when using the “Respond to Webhook” node in versions before 1.114.0. If this node responds with HTML content...

7.3CVSS5.8AI score0.00217EPSS
Exploits0References7
Packet Storm News
Packet Storm News
added 2025/06/06 12:0 a.m.18 views

PrivTru: a Privacy-By-Design Data Trustee Minimizing Information Leakage

Data trustees serve as intermediaries that facilitate secure data sharing between independent parties. This paper offers a technical perspective on Data trustees, guided by privacy-by-design principles. We introduce PrivTru, an instantiation of a data trustee that provably achieves optimal privac...

6.7AI score
Exploits0
MSRC
MSRC
added 2021/02/18 8:0 a.m.16 views

Microsoft Internal Solorigate Investigation - Final Update

We believe the Solorigate incident is an opportunity to work with the community, to share information, strengthen defenses and respond to attacks. We have now completed our internal investigation into the activity of the actor and want to share our findings, which confirm that we found no evidenc...

2.3AI score
Exploits0
RubySec
RubySec
added 2019/03/13 12:0 a.m.43 views

Denial of Service Vulnerability in Action View

There is a potential denial of service vulnerability in actionview. This vulnerability has been assigned the CVE identifier CVE-2019-5419. Impact ------ Specially crafted accept headers can cause the Action View template location code to consume 100% CPU, causing the server unable to process...

7.8CVSS1.8AI score0.08671EPSS
Exploits3References1Affected Software1
seebug.org
seebug.org
added 2009/02/13 12:0 a.m.19 views

Becky! Internet Mail Read Receipt请求缓冲区溢出漏洞

BUGTRAQ ID: 33756 Becky! Internet Mail是一个常用的Email客户端软件。 Becky! Internet Mail客户端没有正确地处理read receipt请求。如果用户查看了特制的邮件并允许发送read receipt请求的话,就可以触发缓冲区溢出,导致执行任意代码。 RimArts Becky! Internet Mail 2.48.02 厂商补丁: RimArts ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.rimarts.co.jp/index.html 在General...

6.9AI score
Exploits0
Rows per page
Query Builder