Improve GHSA-3c7f-5hgj-h279

ioaniftimesei · ioaniftimesei · commit 585556eac550 · 2026-04-03T18:01:58.000+03:00
diff --git a/advisories/github-reviewed/2026/03/GHSA-3c7f-5hgj-h279/GHSA-3c7f-5hgj-h279.json b/advisories/github-reviewed/2026/03/GHSA-3c7f-5hgj-h279/GHSA-3c7f-5hgj-h279.json
@@ -1,16 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3c7f-5hgj-h279",
-  "modified": "2026-03-27T18:06:49Z",
+  "modified": "2026-03-27T18:06:50Z",
   "published": "2026-03-27T18:06:49Z",
   "aliases": [],
   "summary": "n8n has XSS in Chat Trigger Node through Custom CSS",
   "details": "## Impact\nAn authenticated user with permission to create or modify workflows could inject malicious JavaScript into the Custom CSS field of the Chat Trigger node. Due to a misconfiguration in the `sanitize-html` library, the sanitization could be bypassed, resulting in stored XSS on the public chat page. Any user visiting the chat URL would be affected.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Chat Trigger node by adding `@n8n/n8n-nodes-langchain.chatTrigger` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.",
   "severity": [
-    {
-      "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
-    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"
@@ -49,7 +45,7 @@
               "introduced": "2.14.0"
             },
             {
-              "fixed": "2..14.1"
+              "fixed": "2.14.1"
             }
           ]
         }

Original file line number	Diff line number	Diff line change
`@@ -1,16 +1,12 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-3c7f-5hgj-h279",`
`4`		`- "modified": "2026-03-27T18:06:49Z",`
	`4`	`+ "modified": "2026-03-27T18:06:50Z",`
`5`	`5`	`"published": "2026-03-27T18:06:49Z",`
`6`	`6`	`"aliases": [],`
`7`	`7`	`"summary": "n8n has XSS in Chat Trigger Node through Custom CSS",`
`8`	`8`	"details": "## Impact\nAn authenticated user with permission to create or modify workflows could inject malicious JavaScript into the Custom CSS field of the Chat Trigger node. Due to a misconfiguration in the `sanitize-html` library, the sanitization could be bypassed, resulting in stored XSS on the public chat page. Any user visiting the chat URL would be affected.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Chat Trigger node by adding `@n8n/n8n-nodes-langchain.chatTrigger` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.",
`9`	`9`	`"severity": [`
`10`		`- {`
`11`		`- "type": "CVSS_V3",`
`12`		`- "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"`
`13`		`- },`
`14`	`10`	`{`
`15`	`11`	`"type": "CVSS_V4",`
`16`	`12`	`"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"`
`@@ -49,7 +45,7 @@`
`49`	`45`	`"introduced": "2.14.0"`
`50`	`46`	`},`
`51`	`47`	`{`
`52`		`- "fixed": "2..14.1"`
	`48`	`+ "fixed": "2.14.1"`
`53`	`49`	`}`
`54`	`50`	`]`
`55`	`51`	`}`