N8N's Chat Trigger component is vulnerable to XSS

An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file...

CVE-2025-56265

CVE-2025-56265 affects the N8N Chat Trigger component and is tied to an arbitrary file upload vulnerability that allows code execution via uploading a crafted HTML file in N8N versions 1.95.3, 1.100.1 and 1.101.1. The CVSSv3.1 base score is 8.8 (HIGH) with NETWORK attack vector, LOW attack comple...