CNNVD-202508-2180 Information

CNNVD ID

CNNVD-202508-2180

Related CVE

CVE-2025-52478

• CNNVD Published: 2025-08-19

Description (Chinese)

n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 1.77.0至1.98.2之前版本存在跨站脚本漏洞，该漏洞源于Form Trigger节点的HTML表单元素存在存储型跨站脚本，可能导致账户接管。

Description (English)

n8n is an expanded workflow automation tool for n8n open source. n8n 1.77.0 to 1.98.2 has a cross-site script loophole that originates from the storage-type cross-site script of the HTML form at the Form Trigger node, which may result in the account being taken over.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

n8n

Published

2025-08-19

Last Modified

2026-02-24

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-hfmv-hhh3-43f2 https://github.com/n8n-io/n8n/pull/16329 https://github.com/n8n-io/n8n/commit/7940384a85041a1890b1203d69c092c887312500 https://access.redhat.com/security/cve/cve-2025-52478 https://nvd.nist.gov/vuln/detail/CVE-2025-52478

Patch

https://github.com/n8n-io/n8n/releases