{"data":{"id":"6f3a27bc-8803-4d0d-b79e-fc33dac73962","title":"CVE-2025-58177: n8n is an open source workflow automation platform. From 1.24.0 to before 1.107.0, there is a stored cross-site scriptin","summary":"n8n, an open source workflow automation platform, has a stored XSS vulnerability (cross-site scripting, where malicious code is saved and runs in users' browsers) in versions 1.24.0 through 1.106.x. An authorized user can inject harmful JavaScript into the initialMessages field of the LangChain Chat Trigger node, and if public access is enabled, this code runs in the browsers of anyone visiting the public chat link, potentially allowing attackers to steal cookies or sensitive data through phishing.","solution":"Update to version 1.107.0 or later. As a workaround, the affected chatTrigger node can be disabled.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-58177","publishedAt":"2025-09-15T21:15:35.783Z","cveId":"CVE-2025-58177","cweIds":["CWE-79"],"cvssScore":"5.4","cvssSeverity":"medium","severity":"medium","attackType":["pii_leakage"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["n8n","LangChain"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00024,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"plugin","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}