Lucene search
K

8 matches found

NVD
NVD
added 2026/06/26 5:16 p.m.8 views

CVE-2026-56823

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the POST /api/integrations/webhooks/webhookid/ping endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the...

5.4CVSS0.0015EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:17 p.m.8 views

CVE-2026-54302

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the...

7CVSS0.0021EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 3:46 p.m.6 views

CVE-2026-54302

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the...

7CVSS6AI score0.0021EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/23 3:46 p.m.32 views

CVE-2026-54302 n8n: Stored XSS in Chat Trigger Node

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the...

7CVSS0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:46 p.m.7 views

EUVD-2026-38477

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the...

7CVSS6AI score0.0021EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 3:46 p.m.14 views

CVE-2026-54302

CVE-2026-54302 — n8n: Stored XSS in Chat Trigger Node . An authenticated user with workflow edit access could inject JavaScript into the Chat Trigger page by setting a malicious webhookId. When a logged-in user visited the chat URL, the code executed in the n8n origin under that user’s session. A...

7CVSS6AI score0.0021EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-50168

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.55 n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authenticated user with workflow edit access can inject arbitrary JavaScript into the page generated by the Chat Trigger by providing a...

7.6CVSS6.1AI score0.0021EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.4 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /webhooks/webhookId interface. A low-privileged attacker can exploit this vulnerability to obtain, modify, or...

9.1CVSS6.8AI score0.00355EPSS
Exploits0References2
Rows per page
Query Builder