CVE-2025-52478 – n8n Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-52478

Published : Aug. 19, 2025, 5:15 p.m. | 58 minutes ago

Description : n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node’s HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes arbitrary JavaScript execution. The attacker can also inject malicious Javascript by using