GHSA-FQ4F-4738-RQXM Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute

Summary A stored Cross-site Scripting XSS vulnerability was identified in the Custom RSE Attribute of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of...

CVE-2026-25734 Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the RSE metadata of the WebUI where...

CVE-2026-25734 Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the RSE metadata of the WebUI where...

CVE-2026-25734

Rucio WebUI vulnerability CVE-2026-25734: stored XSS in RSE metadata of the WebUI. Attacker-controlled input is persisted by the backend and rendered in the WebUI without proper output encoding, enabling arbitrary JavaScript execution in the user context and potentially session token theft or una...

CVE-2026-25733

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the Custom Rules function of the WebUI where...

CVE-2026-25733

CVE-2026-25733 concerns Rucio’s WebUI, where a stored XSS in the Custom Rules function allows attacker-controlled input to be persisted by the backend and rendered without proper encoding. Affected versions are prior to 35.8.3, 38.5.4, and 39.3.1; these versions fix the issue. The vulnerability c...

CVE-2026-25733 Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the Custom Rules function of the WebUI where...

Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name

Summary A stored Cross-site Scripting XSS vulnerability was identified in the Identity Name of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the Web...

GHSA-8WPV-6X3F-3RM5 Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name

Summary A stored Cross-site Scripting XSS vulnerability was identified in the Identity Name of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the Web...

GHSA-H9FP-P2P9-873Q Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata

Summary A stored Cross-site Scripting XSS vulnerability was identified in the RSE metadata of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebU...

CVE-2026-25138 Rucio WebUI has Username Enumeration via Login Error Message

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...

CVE-2026-25138

CVE-2026-25138 concerns Rucio’s WebUI where, prior to versions 35.8.3, 38.5.4, and 39.3.1, the login endpoint leaks distinct error messages indicating whether a username exists, enabling unauthenticated enumeration. The issue is mitigated by upgrading to 35.8.3, 38.5.4, or 39.3.1, which include t...

CVE-2026-25138 Rucio WebUI has Username Enumeration via Login Error Message

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...

Sensitive Cookie Without "HttpOnly" Flag

Overview Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via the comment field in the custom rules process. An attacker can execute arbitrary JavaScript in the context of the WebUI by submitting crafted input that is stored by the backend and rendered...

Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function

Summary A stored Cross-site Scripting XSS vulnerability was identified in the Custom Rules function of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of...

CVE-2026-25136 Rucio WebUI has a Reflected Cross-site Scripting Vulnerability

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of the ExceptionMessa...

CVE-2026-25136

CVE-2026-25136 - Rucio WebUI Reflected XSS : Affects Rucio WebUI, where the rendering of the ExceptionMessage in the 500 error could be exploited to steal login session tokens via a crafted URL. The issue is fixed in versions 35.8.3, 38.5.4, and 39.3.1. No exploitation details are provided in the...

CVE-2026-25136 Rucio WebUI has a Reflected Cross-site Scripting Vulnerability

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of the ExceptionMessa...

EUVD-2026-8712

Rucio WebUI has Username Enumeration via Login Error Message...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the login process. An attacker can determine the existence of valid usernames by submitting login attempts and analyzing the differences in error messages returned by the system. Remediation Upgrade rucio-webui ...