Tag
#n8n
blog | HIGH 7.0
Understanding and Mitigating Stored XSS in n8n's Chat Trigger Node
A stored XSS vulnerability was discovered in n8n's Chat Trigger Node, allowing authenticated users with workflow edit access to inject arbitrary JavaScript. This could lead to code execution with the privileges of a logged-in user. The vulnerability has been patched in several n8n versions.
news | HIGH 7.2
n8n Microsoft SQL Node Vulnerability Allows Prototype Pollution
A vulnerability in the Microsoft SQL node of n8n allows authenticated users to achieve global prototype pollution, rendering the n8n instance non-functional. The issue has been fixed in n8n version 2.24.0.