n8n Stored Cross-Site Scripting Vulnerability in LangChain Chat Trigger Node

Vulnerability

A stored cross-site scripting vulnerability has been identified in the n8n workflow automation platform, specifically within the LangChain Chat Trigger node, in versions from 1.24.0 up to but not including 1.107.0. The vulnerability allows an authorized user to inject malicious JavaScript into the initialMessages field. If public access is enabled, the injected script executes in the browser of anyone who visits the public chat URL. This could be exploited for phishing attacks or to steal cookies and other sensitive data from users accessing the link.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user visiting the public chat URL.

Reproduction

To reproduce this vulnerability, an authorized user must configure the LangChain Chat Trigger node with malicious JavaScript in the initialMessages field and enable public access. Once saved, the injected script will execute in the browser of any user who visits the generated public chat URL.
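The root cause of this class of bug is that operator-configured text is inserted into the chat page as markup instead of as text. The following is an added example, not n8n's code and not a description of its internals: it places the defective rendering pattern beside its hardened form and includes a small configuration-review check. It assumes the initialMessages field is a single string holding one message per line; the sample field and the function names are constructed for this illustration.

```javascript
// Added example (not n8n's own code): rendering operator-configured chat
// "initial messages" as text rather than markup, which is the class of fix
// that removes a stored XSS in a field like initialMessages.

// Escape the five characters that matter in HTML text and attribute contexts.
// '&' is replaced first so the other replacements are not double-escaped.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Assumption: the field is one string with one message per line.
function splitInitialMessages(field) {
  return String(field)
    .split(/\r?\n/)
    .map((line) => line.trim())
    .filter((line) => line.length > 0);
}

// Defective pattern: the configured text is interpolated straight into markup,
// so any tag an authorized user saves in the field is interpreted by the
// browser of every visitor to the public chat URL.
function renderUnsafe(field) {
  return splitInitialMessages(field)
    .map((msg) => `<div class="chat-message">${msg}</div>`)
    .join('');
}

// Hardened pattern: each message is escaped before it reaches markup, so the
// configured text is displayed literally. (In a real page, assigning to
// element.textContent achieves the same thing without string building.)
function renderSafe(field) {
  return splitInitialMessages(field)
    .map((msg) => `<div class="chat-message">${escapeHtml(msg)}</div>`)
    .join('');
}

// Configuration-review aid for a defender auditing saved workflows on an
// unpatched instance: flag any initialMessages value that contains markup,
// which a greeting rarely needs.
function containsMarkup(field) {
  return /<[a-zA-Z!\/?]/.test(String(field));
}

// Constructed sample field: a greeting that happens to contain a tag.
const SAMPLE_FIELD = 'Welcome to support!\nType <b>help</b> to see commands.';

// Returns both renderings so the difference can be inspected side by side.
function demo(field = SAMPLE_FIELD) {
  return {
    flagged: containsMarkup(field),
    unsafe: renderUnsafe(field),
    safe: renderSafe(field),
  };
}

module.exports = { escapeHtml, splitInitialMessages, renderUnsafe, renderSafe, containsMarkup, SAMPLE_FIELD, demo };
```

Running demo() on the constructed sample shows the unsafe rendering passing the `<b>` tag through to the browser while the safe rendering emits `&lt;b&gt;`, which is the observable difference between the affected and fixed behaviour. The containsMarkup check is a coarse inventory filter for administrators who cannot update immediately and want to find Chat Trigger nodes whose initial messages deserve a look before deciding whether to disable them.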

Remediation

Users are advised to update to n8n version 1.107.0 or later. If an immediate update is not possible, the affected LangChain Chat Trigger node can be disabled.

Added: Sep 15, 2025, 7:15 PM
Updated: Sep 15, 2025, 7:15 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 3.5
exploitability: 5.6
remediation: 8.3
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these 8 vulnerability categories, which are then combined into the overall risk score.