CVE-2025-52478 – n8n Cross-Site Scripting (XSS) Vulnerability

August 19, 2025

CVE ID : CVE-2025-52478

Published : Aug. 19, 2025, 5:15 p.m. | 7 hours, 37 minutes ago

Description : n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node’s HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes arbitrary JavaScript execution. The attacker can also inject malicious Javascript by using

Source: Read More

Previous ArticleCVE-2025-55294 – “Screenshot-Desktop Command Injection Vulnerability”

Next Article CVE-2025-54336 – Plesk Obsidian Authentication Bypass Vulnerability

Highlights

CVE-2025-5630 – D-Link DIR-816 Remote Stack-Based Buffer Overflow Vulnerability

June 4, 2025

CVE ID : CVE-2025-5630

Published : June 5, 2025, 3:15 a.m. | 23 minutes ago

Description : A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

One of the best Xbox Cloud Gaming mobile controllers with hall-effect sticks and triggers is on a limited-time sale for less than $80

May 30, 2025

CVE-2025-4753 – D-Link DI-7003GV2 File Disclosure Vulnerability

May 16, 2025

Police dismantle DiskStation ransomware gang targeting NAS devices, arrest suspected ringleader

July 16, 2025

Stop writing tests: Automate fully with Generative AI

Opsera’s Codeglide.ai lets developers easily turn legacy APIs into MCP servers

Black Duck Security GitHub App, NuGet MCP Server preview, and more – Daily News Digest

10 Ways Node.js Development Boosts AI & Real-Time Data (2025-2026 Edition)

This new Coros watch has 3 weeks of battery life and tracks way more – even fly fishing

5 ways automation can speed up your daily workflow – and implementation is easy

This new C-suite role is more important than ever in the AI era – here’s why

iPhone users may finally be able to send encrypted texts to Android friends with iOS 26

Creating Dynamic Real-Time Features with Laravel Broadcasting

Creating Dynamic Real-Time Features with Laravel Broadcasting

Understanding Tailwind CSS Safelist: Keep Your Dynamic Classes Safe!

Sitecore’s Content SDK: Everything You Need to Know

Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer

Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer

Microsoft admits it broke “Reset this PC” in Windows 11 23H2 KB5063875, Windows 10 KB5063709

Windows 11 can now screen record specific app windows using Win + Shift + R (Snipping Tool)

CVE-2025-52478 – n8n Cross-Site Scripting (XSS) Vulnerability

Investors beware: AI-powered financial scams swamp social media

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

CVE-2025-5387 – JeeWMS File Handler Improper Access Controls Remote Vulnerability

CVE-2025-3582 – WordPress Newsletter Stored Cross-Site Scripting Vulnerability

Distribution Release: CRUX 3.8

Fix Twitter/X Not Logging In [Desktop & Mobile]

CVE-2025-5630 – D-Link DIR-816 Remote Stack-Based Buffer Overflow Vulnerability

One of the best Xbox Cloud Gaming mobile controllers with hall-effect sticks and triggers is on a limited-time sale for less than $80

CVE-2025-4753 – D-Link DI-7003GV2 File Disclosure Vulnerability

Police dismantle DiskStation ransomware gang targeting NAS devices, arrest suspected ringleader

CVE-2025-52478 – n8n Cross-Site Scripting (XSS) Vulnerability

Related Posts