
OAuth vulnerability in n8n automation platform could lead to system compromise
A weakness in the configuration of OAuth credentials opens up a stored XSS vulnerability in the n8n automation platform, researchers at Imperva have discovered. Setting up OAuth allows n8n to connect to services such as Google Workspace, Microsoft 365, Slack, or GitHub without exposing service passwords. This is core to automation platforms like n8n because it lets organizations reduce many manual tasks to a single automated workflow. A customer might submit a web form, which n8n passes via API calls or OAuth credentials to a CRM system and a central database, before sending messages to external tools such as Slack or project management software. This relies on OAuth tokens or API key...