Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/rucio-webui@35.6.1
Type pypi
Namespace
Name rucio-webui
Version 35.6.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 35.8.3
Latest_non_vulnerable_version 39.3.1
Affected_by_vulnerabilities
0
url VCID-1re8-kda1-k3db
vulnerability_id VCID-1re8-kda1-k3db
summary Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability in its Identity Name
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25735
reference_id
reference_type
scores
0
value 0.00092
scoring_system epss
scoring_elements 0.25942
published_at 2026-06-11T12:55:00Z
1
value 0.00092
scoring_system epss
scoring_elements 0.26142
published_at 2026-06-14T12:55:00Z
2
value 0.00092
scoring_system epss
scoring_elements 0.26157
published_at 2026-06-13T12:55:00Z
3
value 0.00092
scoring_system epss
scoring_elements 0.26143
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25735
1
reference_url https://github.com/rucio/rucio
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25735
reference_id CVE-2026-25735
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25735
3
reference_url https://github.com/advisories/GHSA-8wpv-6x3f-3rm5
reference_id GHSA-8wpv-6x3f-3rm5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8wpv-6x3f-3rm5
4
reference_url https://github.com/rucio/rucio/security/advisories/GHSA-8wpv-6x3f-3rm5
reference_id GHSA-8wpv-6x3f-3rm5
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio/security/advisories/GHSA-8wpv-6x3f-3rm5
fixed_packages
0
url pkg:pypi/rucio-webui@35.8.3
purl pkg:pypi/rucio-webui@35.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.8.3
1
url pkg:pypi/rucio-webui@38.5.4
purl pkg:pypi/rucio-webui@38.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@38.5.4
2
url pkg:pypi/rucio-webui@39.3.1
purl pkg:pypi/rucio-webui@39.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@39.3.1
aliases CVE-2026-25735, GHSA-8wpv-6x3f-3rm5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1re8-kda1-k3db
1
url VCID-6vph-d8yk-p7c7
vulnerability_id VCID-6vph-d8yk-p7c7
summary Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of the ExceptionMessage of the WebUI 500 error which could allow attackers to steal login session tokens of users who navigate to a specially crafted URL. Versions 35.8.3, 38.5.4, and 39.3.1 fix the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25136
reference_id
reference_type
scores
0
value 0.0008
scoring_system epss
scoring_elements 0.23837
published_at 2026-06-14T12:55:00Z
1
value 0.0008
scoring_system epss
scoring_elements 0.23655
published_at 2026-06-11T12:55:00Z
2
value 0.0008
scoring_system epss
scoring_elements 0.23851
published_at 2026-06-12T12:55:00Z
3
value 0.0008
scoring_system epss
scoring_elements 0.23859
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25136
1
reference_url https://github.com/rucio/rucio
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio
2
reference_url https://github.com/rucio/rucio/releases/tag/35.8.3
reference_id 35.8.3
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:44:39Z/
url https://github.com/rucio/rucio/releases/tag/35.8.3
3
reference_url https://github.com/rucio/rucio/releases/tag/38.5.4
reference_id 38.5.4
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:44:39Z/
url https://github.com/rucio/rucio/releases/tag/38.5.4
4
reference_url https://github.com/rucio/rucio/releases/tag/39.3.1
reference_id 39.3.1
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:44:39Z/
url https://github.com/rucio/rucio/releases/tag/39.3.1
5
reference_url https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
reference_id Cross_Site_Scripting_Prevention_Cheat_Sheet.html
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:44:39Z/
url https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25136
reference_id CVE-2026-25136
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25136
7
reference_url https://github.com/advisories/GHSA-h79m-5jjm-jm4q
reference_id GHSA-h79m-5jjm-jm4q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h79m-5jjm-jm4q
8
reference_url https://github.com/rucio/rucio/security/advisories/GHSA-h79m-5jjm-jm4q
reference_id GHSA-h79m-5jjm-jm4q
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:44:39Z/
url https://github.com/rucio/rucio/security/advisories/GHSA-h79m-5jjm-jm4q
fixed_packages
0
url pkg:pypi/rucio-webui@35.8.3
purl pkg:pypi/rucio-webui@35.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.8.3
1
url pkg:pypi/rucio-webui@38.5.4
purl pkg:pypi/rucio-webui@38.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@38.5.4
2
url pkg:pypi/rucio-webui@39.3.1
purl pkg:pypi/rucio-webui@39.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@39.3.1
aliases CVE-2026-25136, GHSA-h79m-5jjm-jm4q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6vph-d8yk-p7c7
2
url VCID-kxr7-78nq-ykdu
vulnerability_id VCID-kxr7-78nq-ykdu
summary Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username exists, allowing unauthenticated attackers to enumerate valid usernames. Versions 35.8.3, 38.5.4, and 39.3.1 fix the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25138
reference_id
reference_type
scores
0
value 0.00077
scoring_system epss
scoring_elements 0.23217
published_at 2026-06-14T12:55:00Z
1
value 0.00077
scoring_system epss
scoring_elements 0.23033
published_at 2026-06-11T12:55:00Z
2
value 0.00077
scoring_system epss
scoring_elements 0.2323
published_at 2026-06-12T12:55:00Z
3
value 0.00077
scoring_system epss
scoring_elements 0.2324
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25138
1
reference_url https://github.com/rucio/rucio
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio
2
reference_url https://github.com/rucio/rucio/releases/tag/35.8.3
reference_id 35.8.3
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T16:03:18Z/
url https://github.com/rucio/rucio/releases/tag/35.8.3
3
reference_url https://github.com/rucio/rucio/releases/tag/38.5.4
reference_id 38.5.4
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T16:03:18Z/
url https://github.com/rucio/rucio/releases/tag/38.5.4
4
reference_url https://github.com/rucio/rucio/releases/tag/39.3.1
reference_id 39.3.1
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T16:03:18Z/
url https://github.com/rucio/rucio/releases/tag/39.3.1
5
reference_url https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#authentication-and-error-messages
reference_id Authentication_Cheat_Sheet.html#authentication-and-error-messages
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T16:03:18Z/
url https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#authentication-and-error-messages
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25138
reference_id CVE-2026-25138
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25138
7
reference_url https://github.com/advisories/GHSA-38wq-6q2w-hcf9
reference_id GHSA-38wq-6q2w-hcf9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-38wq-6q2w-hcf9
8
reference_url https://github.com/rucio/rucio/security/advisories/GHSA-38wq-6q2w-hcf9
reference_id GHSA-38wq-6q2w-hcf9
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T16:03:18Z/
url https://github.com/rucio/rucio/security/advisories/GHSA-38wq-6q2w-hcf9
fixed_packages
0
url pkg:pypi/rucio-webui@35.8.3
purl pkg:pypi/rucio-webui@35.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.8.3
1
url pkg:pypi/rucio-webui@38.5.4
purl pkg:pypi/rucio-webui@38.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@38.5.4
2
url pkg:pypi/rucio-webui@39.3.1
purl pkg:pypi/rucio-webui@39.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@39.3.1
aliases CVE-2026-25138, GHSA-38wq-6q2w-hcf9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kxr7-78nq-ykdu
3
url VCID-pwx1-fnd1-rfh2
vulnerability_id VCID-pwx1-fnd1-rfh2
summary Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Custom RSE Attribute of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebUI for users who view affected pages, potentially enabling session token theft or unauthorized actions. Versions 35.8.3, 38.5.4, and 39.3.1 fix the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25736
reference_id
reference_type
scores
0
value 0.00092
scoring_system epss
scoring_elements 0.26142
published_at 2026-06-14T12:55:00Z
1
value 0.00092
scoring_system epss
scoring_elements 0.25942
published_at 2026-06-11T12:55:00Z
2
value 0.00092
scoring_system epss
scoring_elements 0.26143
published_at 2026-06-12T12:55:00Z
3
value 0.00092
scoring_system epss
scoring_elements 0.26157
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25736
1
reference_url https://github.com/rucio/rucio
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio
2
reference_url https://github.com/rucio/rucio/releases/tag/35.8.3
reference_id 35.8.3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T15:59:14Z/
url https://github.com/rucio/rucio/releases/tag/35.8.3
3
reference_url https://github.com/rucio/rucio/releases/tag/38.5.4
reference_id 38.5.4
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T15:59:14Z/
url https://github.com/rucio/rucio/releases/tag/38.5.4
4
reference_url https://github.com/rucio/rucio/releases/tag/39.3.1
reference_id 39.3.1
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T15:59:14Z/
url https://github.com/rucio/rucio/releases/tag/39.3.1
5
reference_url https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
reference_id Cross_Site_Scripting_Prevention_Cheat_Sheet.html
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T15:59:14Z/
url https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25736
reference_id CVE-2026-25736
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25736
7
reference_url https://github.com/advisories/GHSA-fq4f-4738-rqxm
reference_id GHSA-fq4f-4738-rqxm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fq4f-4738-rqxm
8
reference_url https://github.com/rucio/rucio/security/advisories/GHSA-fq4f-4738-rqxm
reference_id GHSA-fq4f-4738-rqxm
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T15:59:14Z/
url https://github.com/rucio/rucio/security/advisories/GHSA-fq4f-4738-rqxm
fixed_packages
0
url pkg:pypi/rucio-webui@35.8.3
purl pkg:pypi/rucio-webui@35.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.8.3
1
url pkg:pypi/rucio-webui@38.5.4
purl pkg:pypi/rucio-webui@38.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@38.5.4
2
url pkg:pypi/rucio-webui@39.3.1
purl pkg:pypi/rucio-webui@39.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@39.3.1
aliases CVE-2026-25736, GHSA-fq4f-4738-rqxm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pwx1-fnd1-rfh2
4
url VCID-rxqc-fwgm-ayhy
vulnerability_id VCID-rxqc-fwgm-ayhy
summary Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25733
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.20139
published_at 2026-06-12T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.20158
published_at 2026-06-13T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19966
published_at 2026-06-11T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.20135
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25733
1
reference_url https://github.com/rucio/rucio
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25733
reference_id CVE-2026-25733
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25733
3
reference_url https://github.com/advisories/GHSA-rwj9-7j48-9f7q
reference_id GHSA-rwj9-7j48-9f7q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rwj9-7j48-9f7q
4
reference_url https://github.com/rucio/rucio/security/advisories/GHSA-rwj9-7j48-9f7q
reference_id GHSA-rwj9-7j48-9f7q
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio/security/advisories/GHSA-rwj9-7j48-9f7q
fixed_packages
0
url pkg:pypi/rucio-webui@35.8.3
purl pkg:pypi/rucio-webui@35.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.8.3
1
url pkg:pypi/rucio-webui@38.5.4
purl pkg:pypi/rucio-webui@38.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@38.5.4
2
url pkg:pypi/rucio-webui@39.3.1
purl pkg:pypi/rucio-webui@39.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@39.3.1
aliases CVE-2026-25733, GHSA-rwj9-7j48-9f7q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rxqc-fwgm-ayhy
5
url VCID-sx7n-qnfs-rbcr
vulnerability_id VCID-sx7n-qnfs-rbcr
summary Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the RSE metadata of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebUI for users who view affected pages, potentially enabling session token theft or unauthorized actions. Versions 35.8.3, 38.5.4, and 39.3.1 fix the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25734
reference_id
reference_type
scores
0
value 0.00092
scoring_system epss
scoring_elements 0.26142
published_at 2026-06-14T12:55:00Z
1
value 0.00092
scoring_system epss
scoring_elements 0.25942
published_at 2026-06-11T12:55:00Z
2
value 0.00092
scoring_system epss
scoring_elements 0.26143
published_at 2026-06-12T12:55:00Z
3
value 0.00092
scoring_system epss
scoring_elements 0.26157
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25734
1
reference_url https://github.com/rucio/rucio
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio
2
reference_url https://github.com/rucio/rucio/releases/tag/35.8.3
reference_id 35.8.3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T16:01:30Z/
url https://github.com/rucio/rucio/releases/tag/35.8.3
3
reference_url https://github.com/rucio/rucio/releases/tag/38.5.4
reference_id 38.5.4
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T16:01:30Z/
url https://github.com/rucio/rucio/releases/tag/38.5.4
4
reference_url https://github.com/rucio/rucio/releases/tag/39.3.1
reference_id 39.3.1
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T16:01:30Z/
url https://github.com/rucio/rucio/releases/tag/39.3.1
5
reference_url https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
reference_id Cross_Site_Scripting_Prevention_Cheat_Sheet.html
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T16:01:30Z/
url https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25734
reference_id CVE-2026-25734
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25734
7
reference_url https://github.com/advisories/GHSA-h9fp-p2p9-873q
reference_id GHSA-h9fp-p2p9-873q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h9fp-p2p9-873q
8
reference_url https://github.com/rucio/rucio/security/advisories/GHSA-h9fp-p2p9-873q
reference_id GHSA-h9fp-p2p9-873q
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T16:01:30Z/
url https://github.com/rucio/rucio/security/advisories/GHSA-h9fp-p2p9-873q
fixed_packages
0
url pkg:pypi/rucio-webui@35.8.3
purl pkg:pypi/rucio-webui@35.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.8.3
1
url pkg:pypi/rucio-webui@38.5.4
purl pkg:pypi/rucio-webui@38.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@38.5.4
2
url pkg:pypi/rucio-webui@39.3.1
purl pkg:pypi/rucio-webui@39.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@39.3.1
aliases CVE-2026-25734, GHSA-h9fp-p2p9-873q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sx7n-qnfs-rbcr
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.6.1