Summary
n8n: Stored XSS in Chat Trigger Node
References
Related vulnerabilities
- HIGH GHSA-M9CV-24RX-8MV7
  Filament: Disabled RichEditor field state can be used for XSS
- HIGH GHSA-9CPJ-QC93-VW8V
  Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer
- HIGH GHSA-V2QM-5WXJ-QHJ7
  Open WebUI: Stored XSS to Account Takeover via Model Profile Images
- HIGH GHSA-V8QJ-HXV7-MGVV
  Open WebUI: Stored XSS in Mermaid Markdown Preview
- MEDIUM GHSA-6MHR-74X2-98V9
  NocoDB: Stored Cross-Site Scripting via Secure Attachment
- LOW GHSA-7V5M-PR3Q-6453
  Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass