Primary

Context

n8n Stored Cross-Site Scripting Vulnerability in Attachments View Endpoint

Vulnerability

Patched

A stored cross-site scripting vulnerability has been identified in n8n, a workflow automation platform, prior to version 1.90.0. This issue arises in the attachments view endpoint, where workflows can store and serve binary files to authenticated users. The vulnerability exists because there were no restrictions on the MIME types of uploaded files, allowing an authenticated attacker with member-level permissions to upload a crafted HTML file containing malicious JavaScript. When another user accesses the binary data endpoint with the MIME type set to text/html, the script executes in the context of the user's session, potentially leading to account takeover by changing the user's email address in their account settings.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user’s session.

Remediation

Users can upgrade to n8n version 1.90.0 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

5.4

exploitability

4.6

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

5.4

exploitability

4.6

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

n8n Stored Cross-Site Scripting Vulnerability in Attachments View Endpoint

Vulnerability

Impact

Remediation

Affected Products

n8n

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating