Ffaggiani

Name of the Vulnerable Software and Affected Versions: n8n versions 1.77.0 through 1.98.1 Description: n8n is a workflow automation platform. A stored Cross-Site Scripting (XSS) vulnerability exists in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an `<iframe>` with a `srcdoc` payload that includes arbitrary JavaScript execution. The attacker can also inject malicious Javascript by using `<video>` coupled with `<source>` using an `onerror` event. This allows for Account Takeover (ATO) by exfiltrating `n8n-browserId` and session cookies from authenticated users who visit a maliciously crafted form. Using these tokens and cookies, an attacker can impersonate the victim and change account details, such as email addresses, enabling full control over the account, especially if two-factor authentication is not enabled. Recommendations: Upgrade to version 1.98.2 or later.

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.99.0 Description: The issue is a Denial of Service vulnerability in the "/rest/binary-data" endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to cause service unavailability through malformed filesystem URI requests, affecting the /rest/binary-data endpoint and n8n.cloud instances. Attackers can exploit this by sending GET requests with empty filesystem URIs to the /rest/binary-data endpoint, causing resource exhaustion and service disruption. Recommendations: For versions prior to 1.99.0, upgrade to version 1.99.0 or later, which introduces strict checking of URI patterns to fix the issue. As a temporary workaround, consider restricting access to the /rest/binary-data endpoint to minimize the risk of exploitation. Avoid using empty filesystem URIs (filesystem:// or filesystem-v2://) in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.99.1 Description: n8n is a workflow automation platform. An authorization issue was found in the "/rest/executions/:id/stop" endpoint, allowing an authenticated user to stop workflow executions they do not own or that have not been shared with them. This could lead to potential business disruption. Recommendations: For versions prior to 1.99.1, update to version 1.99.1 to resolve the issue. As a temporary workaround, consider restricting access to the "/rest/executions/:id/stop" endpoint via reverse proxy or API gateway.