CVE-2025-53543

Published July 7th, 2025

View on NVD ↗

CVSS v3

4.2

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Kestra is an event-driven orchestration platform. The error message in execution "Overview" tab is vulnerable to stored XSS due to improper handling of HTTP response received. This vulnerability is fixed in 0.22.0.

kestra-io/kestra

Event Driven Orchestration & Scheduling Platform for Mission Critical Applications

GitHub

27K