6 matches found
CVE-2026-25734
Rucio WebUI vulnerability CVE-2026-25734: stored XSS in RSE metadata of the WebUI. Attacker-controlled input is persisted by the backend and rendered in the WebUI without proper output encoding, enabling arbitrary JavaScript execution in the user context and potentially session token theft or una...
CVE-2026-25138
CVE-2026-25138 concerns Rucio’s WebUI where, prior to versions 35.8.3, 38.5.4, and 39.3.1, the login endpoint leaks distinct error messages indicating whether a username exists, enabling unauthenticated enumeration. The issue is mitigated by upgrading to 35.8.3, 38.5.4, or 39.3.1, which include t...
CVE-2026-25733
CVE-2026-25733 concerns Rucio’s WebUI, where a stored XSS in the Custom Rules function allows attacker-controlled input to be persisted by the backend and rendered without proper encoding. Affected versions are prior to 35.8.3, 38.5.4, and 39.3.1; these versions fix the issue. The vulnerability c...
CVE-2026-25735
Rucio WebUI Identity Name contains a stored XSS vulnerability. Attacker-supplied input is persisted and later rendered without proper output encoding, enabling arbitrary JavaScript execution in the WebUI for affected users. This can potentially lead to session token theft or unauthorized actions....
CVE-2026-25736
Affected software : Rucio WebUI. Vulnerability : Stored Cross-Site Scripting (XSS) in the Custom RSE Attribute where attacker-controlled input is persisted and later rendered without proper output encoding. This enables arbitrary JavaScript execution within the WebUI context for viewers of affect...
CVE-2026-25136
CVE-2026-25136 - Rucio WebUI Reflected XSS : Affects Rucio WebUI, where the rendering of the ExceptionMessage in the 500 error could be exploited to steal login session tokens via a crafted URL. The issue is fixed in versions 35.8.3, 38.5.4, and 39.3.1. No exploitation details are provided in the...