CVE-2025-53543 - CERT CVE
ID CVE-2025-53543
Sažetak Kestra is an event-driven orchestration platform. The error message in execution "Overview" tab is vulnerable to stored XSS due to improper handling of HTTP response received. This vulnerability is fixed in 0.22.0.
Reference
CVSS
Base: 4.2
Impact: 3.6
Exploitability:0.6
Pristup
VektorSloženostAutentikacija
LOCAL LOW HIGH
Impact
PovjerljivostCjelovitostDostupnost
HIGH NONE NONE
CVSS vektor CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Zadnje važnije ažuriranje 07-07-2025 - 20:15
Objavljeno 07-07-2025 - 20:15