N8N's Chat Trigger component is vulnerable to XSS
An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file.
Advisories for Npm/@N8n/N8n-Nodes-Langchain package
2025