n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI

n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts with same-origin privileges when other users interact with a maliciously crafted workflow. This could lead to session hijacking and account takeover. This issue has been patched in versions 1.123.9 and 2.2.1.

N/A

Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)

n8n 安全漏洞

n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 1.123.9之前版本和2.2.1之前版本存在安全漏洞，该漏洞源于Markdown渲染组件处理不当，可能导致跨站脚本攻击、会话劫持和账户接管。

N/A

N/A