19 matches found
CVE-2026-25138
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...
CVE-2026-25136
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of the ExceptionMessa...
CVE-2026-25138
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...
CVE-2026-25733
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the Custom Rules function of the WebUI where...
CVE-2026-25734
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the RSE metadata of the WebUI where...
CVE-2026-25736
Affected software : Rucio WebUI. Vulnerability : Stored Cross-Site Scripting (XSS) in the Custom RSE Attribute where attacker-controlled input is persisted and later rendered without proper output encoding. This enables arbitrary JavaScript execution within the WebUI context for viewers of affect...
CVE-2026-25735
Rucio WebUI Identity Name contains a stored XSS vulnerability. Attacker-supplied input is persisted and later rendered without proper output encoding, enabling arbitrary JavaScript execution in the WebUI for affected users. This can potentially lead to session token theft or unauthorized actions....
CVE-2026-25735 Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the Identity Name of the WebUI where...
CVE-2026-25734 Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the RSE metadata of the WebUI where...
CVE-2026-25138 Rucio WebUI has Username Enumeration via Login Error Message
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...
CVE-2026-25138
CVE-2026-25138 concerns Rucio’s WebUI where, prior to versions 35.8.3, 38.5.4, and 39.3.1, the login endpoint leaks distinct error messages indicating whether a username exists, enabling unauthenticated enumeration. The issue is mitigated by upgrading to 35.8.3, 38.5.4, or 39.3.1, which include t...
CVE-2026-25138
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...
CVE-2026-25138 Rucio WebUI has Username Enumeration via Login Error Message
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...
CVE-2026-25136
CVE-2026-25136 - Rucio WebUI Reflected XSS : Affects Rucio WebUI, where the rendering of the ExceptionMessage in the 500 error could be exploited to steal login session tokens via a crafted URL. The issue is fixed in versions 35.8.3, 38.5.4, and 39.3.1. No exploitation details are provided in the...
CVE-2026-25136 Rucio WebUI has a Reflected Cross-site Scripting Vulnerability
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of the ExceptionMessa...
CVE-2026-25136 Rucio WebUI has a Reflected Cross-site Scripting Vulnerability
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of the ExceptionMessa...
Rucio 安全漏洞
Rucio is an open-source scientific data management tool developed by Rucio team. Versions of Rucio prior to 35.8.3, 38.5.4, and 39.3.1 contained security vulnerabilities. These vulnerabilities were caused by reflective cross-site scripting in the rendering of the ExceptionMessage on the WebUI 500...
PT-2026-22002
Name of the Vulnerable Software and Affected Versions Rucio versions prior to 35.8.3, 38.5.4, and 39.3.1 Description Rucio is a software framework used to organize, manage, and access large volumes of scientific data. A stored Cross-Site Scripting XSS issue exists in the Custom RSE Attribute of t...
PT-2026-21985
Name of the Vulnerable Software and Affected Versions Rucio versions prior to 35.8.3 Rucio versions prior to 38.5.4 Rucio versions prior to 39.3.1 Description Rucio software contains a reflected Cross-site Scripting XSS issue in the rendering of the ExceptionMessage of the WebUI 500 error. This...