CVE-2025-53543 Kestra allows Stored XSS before 0.22

Kestra is an event-driven orchestration platform. The error message in execution "Overview" tab is vulnerable to stored XSS due to improper handling of HTTP response received. This vulnerability is fixed in 0.22.0...

kestra 跨站脚本漏洞

kestra is a workflow automation platform from Kestra open source. A cross-site scripting vulnerability exists in versions prior to kestra 0.22.0 that stems from improper handling of an error message in the Execution Overview tab and could lead to a stored cross-site scripting attack...