27 matches found

NVD
added 2026/02/25 8:23 p.m., 5 views

CVE-2026-25138

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...

CVSS 5.3 | EPSS 0.00077
Exploits: 1 | References: 5

NVD
added 2026/02/25 8:23 p.m., 2 views

CVE-2026-25733

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the Custom Rules function of the WebUI where...

CVSS 7.3 | EPSS 0.00063
Exploits: 1 | References: 5

Cvelist
added 2026/02/25 7:50 p.m., 17 views

CVE-2026-25736 Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the Custom RSE Attribute of the WebUI where...

CVSS 6.1 | EPSS 0.00092
Exploits: 1 | References: 5

CVE
added 2026/02/25 7:43 p.m., 8 views

CVE-2026-25735

Rucio WebUI Identity Name contains a stored XSS vulnerability. Attacker-supplied input is persisted and later rendered without proper output encoding, enabling arbitrary JavaScript execution in the WebUI for affected users. This can potentially lead to session token theft or unauthorized actions....

CVSS 6.1 | AI score 5.9 | EPSS 0.00092
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2026/02/25 7:43 p.m., 3 views

CVE-2026-25735 Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability in its Identity Name

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the Identity Name of the WebUI where...

CVSS 6.1 | AI score 6 | EPSS 0.00092
Exploits: 1 | References: 7

OSV
added 2026/02/25 7:37 p.m., 3 views

GHSA-FQ4F-4738-RQXM Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute

Summary A stored Cross-site Scripting XSS vulnerability was identified in the Custom RSE Attribute of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of...

CVSS 6.1 | AI score 6 | EPSS 0.00092
Exploits: 1 | References: 7

OSV
added 2026/02/25 7:33 p.m., 2 views

CVE-2026-25734 Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the RSE metadata of the WebUI where...

CVSS 6.1 | AI score 6 | EPSS 0.00092
Exploits: 1 | References: 7

Cvelist
added 2026/02/25 7:33 p.m., 17 views

CVE-2026-25734 Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the RSE metadata of the WebUI where...

CVSS 6.1 | EPSS 0.00092
Exploits: 1 | References: 5

CVE
added 2026/02/25 7:33 p.m., 8 views

CVE-2026-25734

Rucio WebUI vulnerability CVE-2026-25734: stored XSS in RSE metadata of the WebUI. Attacker-controlled input is persisted by the backend and rendered in the WebUI without proper output encoding, enabling arbitrary JavaScript execution in the user context and potentially session token theft or una...

CVSS 6.1 | AI score 5.9 | EPSS 0.00092
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2026/02/25 7:30 p.m., 11 views

CVE-2026-25733

CVE-2026-25733 concerns Rucio’s WebUI, where a stored XSS in the Custom Rules function allows attacker-controlled input to be persisted by the backend and rendered without proper encoding. Affected versions are prior to 35.8.3, 38.5.4, and 39.3.1; these versions fix the issue. The vulnerability c...

CVSS 7.3 | AI score 5.9 | EPSS 0.00063
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2026/02/25 7:30 p.m., 3 views

CVE-2026-25733 Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the Custom Rules function of the WebUI where...

CVSS 7.3 | AI score 6 | EPSS 0.00063
Exploits: 1 | References: 7

GitHub Security Blog
added 2026/02/25 7:29 p.m., 4 views

Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability in its Identity Name

Summary A stored Cross-site Scripting XSS vulnerability was identified in the Identity Name of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the Web...

CVSS 6.1 | AI score 5.8 | EPSS 0.00092
Exploits: 1 | References: 7 | Affected Software: 1

OSV
added 2026/02/25 7:29 p.m., 1 view

GHSA-H9FP-P2P9-873Q Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata

Summary A stored Cross-site Scripting XSS vulnerability was identified in the RSE metadata of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebU...

CVSS 6.1 | AI score 6 | EPSS 0.00092
Exploits: 1 | References: 7

Cvelist
added 2026/02/25 7:28 p.m., 19 views

CVE-2026-25138 Rucio WebUI has Username Enumeration via Login Error Message

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...

CVSS 5.3 | EPSS 0.00077
Exploits: 1 | References: 5

Vulnrichment
added 2026/02/25 7:28 p.m., 3 views

CVE-2026-25138 Rucio WebUI has Username Enumeration via Login Error Message

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...

CVSS 5.3 | AI score 5.4 | EPSS 0.00077
Exploits: 1 | References: 5

CVE
added 2026/02/25 7:28 p.m., 9 views

CVE-2026-25138

CVE-2026-25138 concerns Rucio’s WebUI where, prior to versions 35.8.3, 38.5.4, and 39.3.1, the login endpoint leaks distinct error messages indicating whether a username exists, enabling unauthenticated enumeration. The issue is mitigated by upgrading to 35.8.3, 38.5.4, or 39.3.1, which include t...

CVSS 5.3 | AI score 5.4 | EPSS 0.00077
Exploits: 1 | References: 5 | Affected Software: 1

Snyk
added 2026/02/25 6:58 p.m., 3 views

Sensitive Cookie Without "HttpOnly" Flag

Overview Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via the comment field in the custom rules process. An attacker can execute arbitrary JavaScript in the context of the WebUI by submitting crafted input that is stored by the backend and rendered...

CVSS 8.5 | AI score 6.1 | EPSS 0.00063
Exploits: 1 | References: 3

Cvelist
added 2026/02/25 6:57 p.m., 20 views

CVE-2026-25136 Rucio WebUI has a Reflected Cross-site Scripting Vulnerability

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of the ExceptionMessa...

CVSS 8.1 | EPSS 0.0008
Exploits: 1 | References: 5

CVE
added 2026/02/25 6:57 p.m., 6 views

CVE-2026-25136

CVE-2026-25136 - Rucio WebUI Reflected XSS: Affects Rucio WebUI, where the rendering of the ExceptionMessage in the 500 error could be exploited to steal login session tokens via a crafted URL. The issue is fixed in versions 35.8.3, 38.5.4, and 39.3.1. No exploitation details are provided in the...

CVSS 8.1 | AI score 5.5 | EPSS 0.0008
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2026/02/25 6:57 p.m., 2 views

CVE-2026-25136 Rucio WebUI has a Reflected Cross-site Scripting Vulnerability

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of the ExceptionMessa...

CVSS 8.1 | AI score 5.6 | EPSS 0.0008
Exploits: 1 | References: 7