5H0Lm3S

#46979 of 53,633
5.4 Total CVSS
Vulnerabilities · 1
PT-2025-37731
5.4
2025-09-15
N8N · N8N · CVE-2025-58177
**Name of the Vulnerable Software and Affected Versions**

n8n versions 1.24.0 through 1.106.0

**Description**

n8n is a workflow automation platform. A stored cross-site scripting (XSS) vulnerability exists in the `@n8n/n8n-nodes-langchain.chatTrigger` node. An authorized user can configure the LangChain Chat Trigger node with malicious JavaScript in the `initialMessages` field and enable public access, leading to payload execution in the browser of any user who visits the resulting public chat URL. This could be used for phishing or to steal cookies or other sensitive data from users accessing the public chat link.

**Recommendations**

Update to version 1.107.0 or later. As a workaround, disable the `@n8n/n8n-nodes-langchain.chatTrigger` node.