Understanding and Mitigating Stored XSS in n8n's Chat Trigger Node
A stored XSS vulnerability was discovered in n8n's Chat Trigger Node, allowing authenticated users with workflow edit access to inject arbitrary JavaScript. This could lead to code execution with the privileges of a logged-in user. The vulnerability has been patched in several n8n versions.