PT-2025-33750 · N8N · N8N

Agustedone +3

Published 2025-08-19 · Updated 2025-08-24

CVE-2025-52478

CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: n8n versions 1.77.0 through 1.98.1
Description: n8n is a workflow automation platform. A stored Cross-Site Scripting (XSS) vulnerability exists in the HTML form element of the Form Trigger node. An authenticated attacker can inject malicious HTML via an <iframe> whose srcdoc attribute carries a payload that executes arbitrary JavaScript, or via a <video> element with a <source> child that uses an onerror event handler. This allows Account Takeover (ATO) by exfiltrating the n8n-browserId and session cookies of authenticated users who visit a maliciously crafted form. With these tokens and cookies, an attacker can impersonate the victim and change account details such as the email address, gaining full control over the account, especially if two-factor authentication is not enabled.
Recommendations: Upgrade to version 1.98.2 or later.
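Added example (not n8n project code) for triaging this advisory on the defender's side: it checks whether a reported n8n version falls in the affected range and scans an exported workflow for Form Trigger nodes whose string parameters contain the markup shapes named above. It assumes the Form Trigger node type id is "n8n-nodes-base.formTrigger" and uses invented field names in a constructed sample export.

```javascript
// Added audit helper for CVE-2025-52478 (example code, not part of n8n).
// Assumed, not from the advisory: Form Trigger node type id "n8n-nodes-base.formTrigger";
// the sample field names below are invented. Every string parameter of such nodes is scanned.
const AFFECTED_MIN = [1, 77, 0]; // first affected release per the advisory
const FIXED = [1, 98, 2];        // first fixed release per the advisory
// Compare a version string against a [major, minor, patch] reference.
function cmpVersion(v, ref) {
  const p = v.replace(/^v/, '').split('.').map((n) => parseInt(n, 10) || 0);
  for (let i = 0; i < 3; i++) if ((p[i] || 0) !== ref[i]) return (p[i] || 0) - ref[i];
  return 0;
}
// true for 1.77.0 <= version < 1.98.2
function isAffectedVersion(v) {
  return cmpVersion(v, AFFECTED_MIN) >= 0 && cmpVersion(v, FIXED) < 0;
}

// Tag matcher that keeps '>' inside quoted attribute values (such as srcdoc) intact.
const TAG_RE = /<([a-zA-Z][\w:-]*)((?:\s+[^\s>\/=]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?)*)\s*\/?>/g;
const ATTR_RE = /([^\s=\/>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
// Heuristic that flags the markup shapes named in the advisory; it is not a sanitizer.
function findRiskyMarkup(html) {
  const findings = [];
  for (const m of html.matchAll(TAG_RE)) {
    const tag = m[1].toLowerCase();
    const attrs = [...m[2].matchAll(ATTR_RE)].map((a) => a[1].toLowerCase());
    if (tag === 'script') findings.push('<script> element');
    if (tag === 'iframe' && attrs.includes('srcdoc')) findings.push('<iframe> with srcdoc attribute');
    for (const name of attrs) if (name.startsWith('on')) findings.push(`<${tag}> with ${name} handler`);
  }
  return findings;
}
// Scan an exported workflow object; only Form Trigger nodes are in scope for this advisory.
function auditWorkflow(workflow) {
  const results = [];
  for (const node of workflow.nodes || []) {
    if (node.type !== 'n8n-nodes-base.formTrigger') continue;
    const strings = []; // every string-valued parameter, however deeply nested
    JSON.stringify(node.parameters, (_k, v) => (typeof v === 'string' && strings.push(v), v));
    for (const s of strings) for (const f of findRiskyMarkup(s)) results.push({ node: node.name, finding: f });
  }
  return results;
}

// Constructed sample export (field names invented for illustration).
const SAMPLE_WORKFLOW = { nodes: [
  { name: 'Contact form', type: 'n8n-nodes-base.formTrigger', parameters: { formFields: { values: [
    { fieldType: 'html', html: '<p class="lead">Tell us about yourself</p>' },
    { fieldType: 'html', html: '<iframe srcdoc="&lt;p&gt;hi&lt;/p&gt;"></iframe><video><source src="x" onerror="void 0"></video>' },
  ] } } },
  { name: 'Respond', type: 'n8n-nodes-base.respondToWebhook', parameters: { body: '<script>1</script>' } },
] };
```

Running `auditWorkflow(SAMPLE_WORKFLOW)` reports two findings for the "Contact form" node and none for the non-Form-Trigger node; treat hits as a prompt to review the field, since the matcher is a heuristic rather than a parser.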

XSS

Related Identifiers

CVE-2025-52478
GHSA-HFMV-HHH3-43F2

Affected Products

N8N