CNNVD-202507-781 Information
Jul 07, 2025
cve
CNNVD ID
CNNVD-202507-781
Related CVE
- CNNVD Published: 2025-07-07
Description (Chinese)
kestra是Kestra开源的一个工作流自动化平台。 kestra 0.22.0之前版本存在跨站脚本漏洞,该漏洞源于执行概述标签中的错误消息处理不当,可能导致存储型跨站脚本攻击。
Description (English)
Kestra is an automated workflow platform for Kestra ’ s open source. There was a cross-site script loophole in the pre-Kestra 0.22.0 version, which resulted from the inappropriate handling of false information in the executive summary label, which could lead to a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Kestra
Published
2025-07-07
Last Modified
2026-02-24
References
https://github.com/kestra-io/kestra/security/advisories/GHSA-qpj4-4r6r-wvf4 https://access.redhat.com/security/cve/cve-2025-53543
Patch
https://github.com/kestra-io/kestra/releases
Share on: