CVE-2026-56359
n8n before 2.8.0 contains a cross-site scripting vulnerability in the credential management flow where authenticated users can inject malici
CVSS
5.4
Medium
EPSS
0.1%
p4
KEV
—
Exploit Today
1
0-100
Published: Jul 8, 2026 · Last modified: Jul 9, 2026 · CWE-79
0.1%EPSS · 30 days0.1%
2026-07-092026-07-16
n8n before 2.8.0 contains a cross-site scripting vulnerability in the credential management flow where authenticated users can inject malicious JavaScript URLs into OAuth2 credential Authorization URL fields. Attackers can craft malicious credentials and trick victims into clicking the OAuth authorization button, executing arbitrary scripts in their browser session with the victim's privileges.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2021-252996.1 MED99.9%
——30Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.9dCVE-2021-364506.1 MED99.2%
——30Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.9dCVE-2023-414256.1 MED98.9%
——30Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.9dCVE-2022-330986.1 MED98.8%
——30Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted SVG document, with JavaScript, for a profile picture.9dCVE-2025-441489.8 CRI98.8%
——30Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component13dCVE-2022-365335.4 MED98.5%
——30Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting (XSS) vulnerability.9d