Pfelilpe

**Name of the Vulnerable Software and Affected Versions** n8n versions 1.24.0 through 1.106.0 **Description** n8n is a workflow automation platform. A stored cross-site scripting (XSS) vulnerability exists in the `@n8n/n8n-nodes-langchain.chatTrigger` node. An authorized user can configure the LangChain Chat Trigger node with malicious JavaScript in the `initialMessages` field and enable public access, leading to payload execution in the browser of any user who visits the resulting public chat URL. This could be used for phishing or to steal cookies or other sensitive data from users accessing the public chat link. **Recommendations** Update to version 1.107.0 or later. As a workaround, disable the `@n8n/n8n-nodes-langchain.chatTrigger` node.

Name of the Vulnerable Software and Affected Versions: n8n versions 1.77.0 through 1.98.1 Description: n8n is a workflow automation platform. A stored Cross-Site Scripting (XSS) vulnerability exists in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an `<iframe>` with a `srcdoc` payload that includes arbitrary JavaScript execution. The attacker can also inject malicious Javascript by using `<video>` coupled with `<source>` using an `onerror` event. This allows for Account Takeover (ATO) by exfiltrating `n8n-browserId` and session cookies from authenticated users who visit a maliciously crafted form. Using these tokens and cookies, an attacker can impersonate the victim and change account details, such as email addresses, enabling full control over the account, especially if two-factor authentication is not enabled. Recommendations: Upgrade to version 1.98.2 or later.

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.99.0 Description: The issue is a Denial of Service vulnerability in the "/rest/binary-data" endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to cause service unavailability through malformed filesystem URI requests, affecting the /rest/binary-data endpoint and n8n.cloud instances. Attackers can exploit this by sending GET requests with empty filesystem URIs to the /rest/binary-data endpoint, causing resource exhaustion and service disruption. Recommendations: For versions prior to 1.99.0, upgrade to version 1.99.0 or later, which introduces strict checking of URI patterns to fix the issue. As a temporary workaround, consider restricting access to the /rest/binary-data endpoint to minimize the risk of exploitation. Avoid using empty filesystem URIs (filesystem:// or filesystem-v2://) in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.99.1 Description: n8n is a workflow automation platform. An authorization issue was found in the "/rest/executions/:id/stop" endpoint, allowing an authenticated user to stop workflow executions they do not own or that have not been shared with them. This could lead to potential business disruption. Recommendations: For versions prior to 1.99.1, update to version 1.99.1 to resolve the issue. As a temporary workaround, consider restricting access to the "/rest/executions/:id/stop" endpoint via reverse proxy or API gateway.

**Name of the Vulnerable Software and Affected Versions** Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress versions up to, and including, 4.15.3 **Description** The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages by tricking a user into performing an action, such as clicking on a link, using the `idsite` parameter. **Recommendations** For versions up to, and including, 4.15.3, update to a version higher than 4.15.3 to resolve the issue. As a temporary workaround, consider restricting access to the `idsite` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress versions up to, and including, 2.6.6 **Description** The issue is related to Stored Cross-Site Scripting via the Google Captcha Site Key due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to, and including, 2.6.6, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting administrator-level access to trusted users only and enabling the unfiltered html capability for administrators to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Insert PHP Code Snippet plugin for WordPress versions up to, and including, 1.3.4 **Description** The issue allows for Stored Cross-Site Scripting via the user's name when accessing the "insert-php-code-snippet-manage" page due to insufficient input sanitization and output escaping. This enables authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For Insert PHP Code Snippet plugin for WordPress versions up to, and including, 1.3.4, update to a version later than 1.3.4 to resolve the issue. As a temporary workaround, consider restricting access to the insert-php-code-snippet-manage page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Bit Form WordPress plugin versions prior to 1.9 **Description** The issue allows unauthenticated users to upload arbitrary file types, such as PHP or HTML files, to the server via the file upload form field, leading to Remote Code Execution. This is due to the lack of validation of file types uploaded through this field. **Recommendations** For versions prior to 1.9, update to version 1.9 or later to resolve the issue. As a temporary workaround, consider disabling the file upload form field until a patch is available. Restrict access to the server to minimize the risk of exploitation.