CVE-2025-53543

medium

Description

Kestra is an event-driven orchestration platform. The error message in execution "Overview" tab is vulnerable to stored XSS due to improper handling of HTTP response received. This vulnerability is fixed in 0.22.0.

References

https://github.com/kestra-io/kestra/security/advisories/GHSA-qpj4-4r6r-wvf4

Details

Source: Mitre, NVD

Published: 2025-07-07

Updated: 2025-07-08

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:L/AC:L/Au:M/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.2

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N