CNNVD-202509-2017 Information

CNNVD ID

CNNVD-202509-2017

Related CVE

CVE-2025-58177

• CNNVD Published: 2025-09-15

Description (Chinese)

n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 1.24.0版本至1.107.0之前版本存在跨站脚本漏洞，该漏洞源于initialMessages字段存在存储型跨站脚本，可能导致钓鱼攻击或窃取用户敏感数据。

Description (English)

n8n is an expanded workflow automation tool for n8n open source. N8n 1.24.0 to 1.107.0 have a cross-site script loophole, which stems from the presence of stored cross-site scripts in the intial Messages field, which may lead to fishing attacks or the theft of user-sensitive data.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

n8n

Published

2025-09-15

Last Modified

2026-02-24

References

https://github.com/n8n-io/n8n/commit/d4ef191be0b39b65efa68559a3b8d5dad2e102b2 https://github.com/n8n-io/n8n/pull/18148 https://github.com/n8n-io/n8n/security/advisories/GHSA-mvh4-2cm2-6hpg

Patch

https://github.com/n8n-io/n8n/releases