2 matches found
Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter
Impact A stored Cross-Site Scripting XSS vulnerability was identified in the @n8n/n8n-nodes-langchain.chatTrigger node in n8n. If an authorized user configures the node with malicious JavaScript in the initialMessages field and enables public access, the script will be executed in the browser of...
PT-2024-20800 · Kickdler · Kickdler
Name of the Vulnerable Software and Affected Versions: Kickdler versions prior to 1.107.0 Description: The issue allows attackers to provide an XSS payload via a HTTP response splitting attack. Recommendations: For versions prior to 1.107.0, update to version 1.107.0 or later to resolve the issue...