推荐 11.4
Conf: 50%
n8n
## Impact An unauthenticated attacker could register a malicious MCP OAuth client with a crafted `client_name`. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute arbitrary JavaScript in the victim's authenticated n8n browser session, enabling credential and
💡 风险点: 原文内容(由于配额限制,未进行深度 LLM 分析)
🎯 建议动作: 建议根据原文自行评估
排序因子: 有可用补丁/修复方案 (+3) | Secondary 数据源 (+2) | 包含 CVE (+2) | 影响关键基础设施/核心组件 (+4) | LLM 评分加成 (+0.4)