11 matches found

CVE
added 2026/05/25 7:10 a.m., 15 views

CVE-2026-4915

Mattermost is affected in CVE-2026-4915 across multiple release streams (11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x

6.5 CVSS, 5.8 AI score, 0.00047 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2026/04/10 12:0 a.m., 2 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from vulnerabilities in webhook responses, which could allow attackers to rebind chat responses to unintende...

8.1 CVSS, 5.8 AI score, 0.00096 EPSS
Exploits: 0, References: 4
OSV
added 2026/03/13 9:30 a.m., 1 views

BIT-GITLAB-2025-12576 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service due to improper handling of webhook response data...

6.5 CVSS, 5.8 AI score, 0.00056 EPSS
Exploits: 0, References: 4
OSV
added 2026/02/04 6:15 p.m., 2 views

GHSA-825Q-W924-XHGX n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS

Impact: A Cross-site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy (CSP) sandbox protection intended to isolate HTML responses may not be applied correctly. An authenticated user...

8.5 CVSS, 5.5 AI score, 0.00014 EPSS
Exploits: 0, References: 5
GitHub Security Blog
added 2026/02/04 6:15 p.m., 5 views

n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS

Impact: A Cross-site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy (CSP) sandbox protection intended to isolate HTML responses may not be applied correctly. An authenticated user...

8.5 CVSS, 5.5 AI score, 0.00014 EPSS
Exploits: 0, References: 5, Affected Software: 1
Snyk
added 2026/02/04 6:15 p.m., 2 views

Cross-site Scripting (XSS)

Overview: n8n-core is a Core functionality of n8n. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper enforcement of Content Security Policy in webhook response handling. An attacker can execute unauthorized scripts with same-origin privileges by crafting...

8.7 CVSS, 5.3 AI score, 0.00014 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/02/04 4:46 p.m., 2 views

CVE-2026-25051 n8n Improper CSP Enforcement in Webhook Responses May Allow Stored XSS

n8n is an open source workflow automation platform. Prior to version 1.123.2, a Cross-Site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy (CSP) sandbox protection intended to...

8.5 CVSS, 5.5 AI score, 0.00014 EPSS
Exploits: 0, References: 3
CVE
added 2026/02/04 4:46 p.m., 10 views

CVE-2026-25051

CVE-2026-25051 affects n8n (open source workflow automation). The issue is an XSS in the handling of webhook responses and related HTTP endpoints where CSP sandbox protection may not be applied under certain conditions. An authenticated user with permission to create/modify workflows could abuse ...

8.5 CVSS, 5.5 AI score, 0.00014 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2026/02/04 4:46 p.m., 26 views

CVE-2026-25051 n8n Improper CSP Enforcement in Webhook Responses May Allow Stored XSS

n8n is an open source workflow automation platform. Prior to version 1.123.2, a Cross-Site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy (CSP) sandbox protection intended to...

8.5 CVSS, 0.00014 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/02/04 12:0 a.m., 4 views

n8n Cross-Site Scripting Vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of Webhook responses and HTTP endpoints, potentially leading to cross-site scripting attack...

8.5 CVSS, 5.9 AI score, 0.00014 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2026/02/04 12:0 a.m., 1 views

PT-2026-6260

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.2. Description: n8n is a workflow automation platform. A Cross-Site Scripting (XSS) issue exists in the handling of webhook responses and related HTTP endpoints. The Content Security Policy (CSP) sandbox protection may no...

8.5 CVSS, 5.5 AI score, 0.00014 EPSS
Exploits: 0, References: 10