Lucene search
K

6 matches found

CVE
CVE
added 2026/02/25 7:33 p.m.21 views

CVE-2026-25734

Rucio WebUI vulnerability CVE-2026-25734: stored XSS in RSE metadata of the WebUI. Attacker-controlled input is persisted by the backend and rendered in the WebUI without proper output encoding, enabling arbitrary JavaScript execution in the user context and potentially session token theft or una...

6.1CVSS5.9AI score0.00287EPSS
CVE
CVE
added 2026/02/25 7:28 p.m.17 views

CVE-2026-25138

CVE-2026-25138 concerns Rucio’s WebUI where, prior to versions 35.8.3, 38.5.4, and 39.3.1, the login endpoint leaks distinct error messages indicating whether a username exists, enabling unauthenticated enumeration. The issue is mitigated by upgrading to 35.8.3, 38.5.4, or 39.3.1, which include t...

5.3CVSS5.4AI score0.00327EPSS
CVE
CVE
added 2026/02/25 7:30 p.m.16 views

CVE-2026-25733

CVE-2026-25733 concerns Rucio’s WebUI, where a stored XSS in the Custom Rules function allows attacker-controlled input to be persisted by the backend and rendered without proper encoding. Affected versions are prior to 35.8.3, 38.5.4, and 39.3.1; these versions fix the issue. The vulnerability c...

7.3CVSS5.9AI score0.0026EPSS
CVE
CVE
added 2026/02/25 7:43 p.m.14 views

CVE-2026-25735

Rucio WebUI Identity Name contains a stored XSS vulnerability. Attacker-supplied input is persisted and later rendered without proper output encoding, enabling arbitrary JavaScript execution in the WebUI for affected users. This can potentially lead to session token theft or unauthorized actions....

6.1CVSS5.9AI score0.00287EPSS
CVE
CVE
added 2026/02/25 7:50 p.m.14 views

CVE-2026-25736

Affected software : Rucio WebUI. Vulnerability : Stored Cross-Site Scripting (XSS) in the Custom RSE Attribute where attacker-controlled input is persisted and later rendered without proper output encoding. This enables arbitrary JavaScript execution within the WebUI context for viewers of affect...

6.1CVSS5.9AI score0.00287EPSS
CVE
CVE
added 2026/02/25 6:57 p.m.13 views

CVE-2026-25136

CVE-2026-25136 - Rucio WebUI Reflected XSS : Affects Rucio WebUI, where the rendering of the ExceptionMessage in the 500 error could be exploited to steal login session tokens via a crafted URL. The issue is fixed in versions 35.8.3, 38.5.4, and 39.3.1. No exploitation details are provided in the...

8.1CVSS5.5AI score0.00263EPSS