Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/rucio-webui@1.26.13
Typepypi
Namespace
Namerucio-webui
Version1.26.13
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version35.8.3
Latest_non_vulnerable_version39.3.1
Affected_by_vulnerabilities
0
url VCID-ba98-9kr9-2qe5
vulnerability_id VCID-ba98-9kr9-2qe5
summary 
Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute
A stored Cross-site Scripting (XSS) vulnerability was identified in the Custom RSE Attribute of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebUI for users who view affected pages, potentially enabling session token theft or unauthorized actions.

---
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25736
reference_id
reference_type
scores
0
value 0.00092
scoring_system epss
scoring_elements 0.26009
published_at 2026-06-05T12:55:00Z
1
value 0.00092
scoring_system epss
scoring_elements 0.259
published_at 2026-06-08T12:55:00Z
2
value 0.00092
scoring_system epss
scoring_elements 0.25957
published_at 2026-06-07T12:55:00Z
3
value 0.00092
scoring_system epss
scoring_elements 0.26003
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25736
1
reference_url https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T15:59:14Z/
url https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
2
reference_url https://github.com/rucio/rucio
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio
3
reference_url https://github.com/rucio/rucio/releases/tag/35.8.3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T15:59:14Z/
url https://github.com/rucio/rucio/releases/tag/35.8.3
4
reference_url https://github.com/rucio/rucio/releases/tag/38.5.4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T15:59:14Z/
url https://github.com/rucio/rucio/releases/tag/38.5.4
5
reference_url https://github.com/rucio/rucio/releases/tag/39.3.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T15:59:14Z/
url https://github.com/rucio/rucio/releases/tag/39.3.1
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25736
reference_id CVE-2026-25736
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25736
7
reference_url https://github.com/advisories/GHSA-fq4f-4738-rqxm
reference_id GHSA-fq4f-4738-rqxm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fq4f-4738-rqxm
8
reference_url https://github.com/rucio/rucio/security/advisories/GHSA-fq4f-4738-rqxm
reference_id GHSA-fq4f-4738-rqxm
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T15:59:14Z/
url https://github.com/rucio/rucio/security/advisories/GHSA-fq4f-4738-rqxm
fixed_packages
0
url pkg:pypi/rucio-webui@35.8.3
purl pkg:pypi/rucio-webui@35.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.8.3
1
url pkg:pypi/rucio-webui@38.5.4
purl pkg:pypi/rucio-webui@38.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@38.5.4
2
url pkg:pypi/rucio-webui@39.3.1
purl pkg:pypi/rucio-webui@39.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@39.3.1
aliases CVE-2026-25736, GHSA-fq4f-4738-rqxm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ba98-9kr9-2qe5
1
url VCID-cck3-675p-wfay
vulnerability_id VCID-cck3-675p-wfay
summary 
Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name
A stored Cross-site Scripting (XSS) vulnerability was identified in the Identity Name of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebUI for users who view affected pages, potentially enabling session token theft or unauthorized actions.

---
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25735
reference_id
reference_type
scores
0
value 0.00092
scoring_system epss
scoring_elements 0.259
published_at 2026-06-08T12:55:00Z
1
value 0.00092
scoring_system epss
scoring_elements 0.25957
published_at 2026-06-07T12:55:00Z
2
value 0.00092
scoring_system epss
scoring_elements 0.26003
published_at 2026-06-06T12:55:00Z
3
value 0.00092
scoring_system epss
scoring_elements 0.26009
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25735
1
reference_url https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
2
reference_url https://github.com/rucio/rucio
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio
3
reference_url https://github.com/rucio/rucio/releases/tag/35.8.3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio/releases/tag/35.8.3
4
reference_url https://github.com/rucio/rucio/releases/tag/38.5.4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio/releases/tag/38.5.4
5
reference_url https://github.com/rucio/rucio/releases/tag/39.3.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio/releases/tag/39.3.1
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25735
reference_id CVE-2026-25735
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25735
7
reference_url https://github.com/advisories/GHSA-8wpv-6x3f-3rm5
reference_id GHSA-8wpv-6x3f-3rm5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8wpv-6x3f-3rm5
8
reference_url https://github.com/rucio/rucio/security/advisories/GHSA-8wpv-6x3f-3rm5
reference_id GHSA-8wpv-6x3f-3rm5
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio/security/advisories/GHSA-8wpv-6x3f-3rm5
fixed_packages
0
url pkg:pypi/rucio-webui@35.8.3
purl pkg:pypi/rucio-webui@35.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.8.3
1
url pkg:pypi/rucio-webui@38.5.4
purl pkg:pypi/rucio-webui@38.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@38.5.4
2
url pkg:pypi/rucio-webui@39.3.1
purl pkg:pypi/rucio-webui@39.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@39.3.1
aliases CVE-2026-25735, GHSA-8wpv-6x3f-3rm5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cck3-675p-wfay
2
url VCID-errw-b3eq-hydt
vulnerability_id VCID-errw-b3eq-hydt
summary 
Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function
A stored Cross-site Scripting (XSS) vulnerability was identified in the Custom Rules function of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebUI for users who view affected pages, potentially enabling session token theft or unauthorized actions.

---
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25733
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19873
published_at 2026-06-08T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.1994
published_at 2026-06-07T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19983
published_at 2026-06-06T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19988
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25733
1
reference_url https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
2
reference_url https://github.com/rucio/rucio
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio
3
reference_url https://github.com/rucio/rucio/releases/tag/35.8.3
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio/releases/tag/35.8.3
4
reference_url https://github.com/rucio/rucio/releases/tag/38.5.4
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio/releases/tag/38.5.4
5
reference_url https://github.com/rucio/rucio/releases/tag/39.3.1
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio/releases/tag/39.3.1
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25733
reference_id CVE-2026-25733
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25733
7
reference_url https://github.com/advisories/GHSA-rwj9-7j48-9f7q
reference_id GHSA-rwj9-7j48-9f7q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rwj9-7j48-9f7q
8
reference_url https://github.com/rucio/rucio/security/advisories/GHSA-rwj9-7j48-9f7q
reference_id GHSA-rwj9-7j48-9f7q
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio/security/advisories/GHSA-rwj9-7j48-9f7q
fixed_packages
0
url pkg:pypi/rucio-webui@35.8.3
purl pkg:pypi/rucio-webui@35.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.8.3
1
url pkg:pypi/rucio-webui@38.5.4
purl pkg:pypi/rucio-webui@38.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@38.5.4
2
url pkg:pypi/rucio-webui@39.3.1
purl pkg:pypi/rucio-webui@39.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@39.3.1
aliases CVE-2026-25733, GHSA-rwj9-7j48-9f7q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-errw-b3eq-hydt
3
url VCID-hmt9-4bxz-9kau
vulnerability_id VCID-hmt9-4bxz-9kau
summary 
Rucio WebUI has a Reflected Cross-site Scripting Vulnerability
A reflected Cross-site Scripting vulnerability was located in the rendering of the ExceptionMessage of the WebUI 500 error which could allow attackers to steal login session tokens of users who navigate to a specially crafted URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25136
reference_id
reference_type
scores
0
value 0.0008
scoring_system epss
scoring_elements 0.23742
published_at 2026-06-05T12:55:00Z
1
value 0.0008
scoring_system epss
scoring_elements 0.23627
published_at 2026-06-08T12:55:00Z
2
value 0.0008
scoring_system epss
scoring_elements 0.23681
published_at 2026-06-07T12:55:00Z
3
value 0.0008
scoring_system epss
scoring_elements 0.23727
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25136
1
reference_url https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:44:39Z/
url https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
2
reference_url https://github.com/rucio/rucio
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio
3
reference_url https://github.com/rucio/rucio/releases/tag/35.8.3
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:44:39Z/
url https://github.com/rucio/rucio/releases/tag/35.8.3
4
reference_url https://github.com/rucio/rucio/releases/tag/38.5.4
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:44:39Z/
url https://github.com/rucio/rucio/releases/tag/38.5.4
5
reference_url https://github.com/rucio/rucio/releases/tag/39.3.1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:44:39Z/
url https://github.com/rucio/rucio/releases/tag/39.3.1
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25136
reference_id CVE-2026-25136
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25136
7
reference_url https://github.com/advisories/GHSA-h79m-5jjm-jm4q
reference_id GHSA-h79m-5jjm-jm4q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h79m-5jjm-jm4q
8
reference_url https://github.com/rucio/rucio/security/advisories/GHSA-h79m-5jjm-jm4q
reference_id GHSA-h79m-5jjm-jm4q
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:44:39Z/
url https://github.com/rucio/rucio/security/advisories/GHSA-h79m-5jjm-jm4q
fixed_packages
0
url pkg:pypi/rucio-webui@35.8.3
purl pkg:pypi/rucio-webui@35.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.8.3
1
url pkg:pypi/rucio-webui@38.5.4
purl pkg:pypi/rucio-webui@38.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@38.5.4
2
url pkg:pypi/rucio-webui@39.3.1
purl pkg:pypi/rucio-webui@39.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@39.3.1
aliases CVE-2026-25136, GHSA-h79m-5jjm-jm4q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hmt9-4bxz-9kau
4
url VCID-qnqm-pubz-hbh9
vulnerability_id VCID-qnqm-pubz-hbh9
summary 
Rucio WebUI has Username Enumeration via Login Error Message
The WebUI login endpoint returns distinct error messages depending on whether a supplied username exists, allowing unauthenticated attackers to enumerate valid usernames.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25138
reference_id
reference_type
scores
0
value 0.00077
scoring_system epss
scoring_elements 0.23101
published_at 2026-06-05T12:55:00Z
1
value 0.00077
scoring_system epss
scoring_elements 0.22988
published_at 2026-06-08T12:55:00Z
2
value 0.00077
scoring_system epss
scoring_elements 0.23043
published_at 2026-06-07T12:55:00Z
3
value 0.00077
scoring_system epss
scoring_elements 0.23088
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25138
1
reference_url https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#authentication-and-error-messages
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T16:03:18Z/
url https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#authentication-and-error-messages
2
reference_url https://github.com/rucio/rucio
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio
3
reference_url https://github.com/rucio/rucio/releases/tag/35.8.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T16:03:18Z/
url https://github.com/rucio/rucio/releases/tag/35.8.3
4
reference_url https://github.com/rucio/rucio/releases/tag/38.5.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T16:03:18Z/
url https://github.com/rucio/rucio/releases/tag/38.5.4
5
reference_url https://github.com/rucio/rucio/releases/tag/39.3.1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T16:03:18Z/
url https://github.com/rucio/rucio/releases/tag/39.3.1
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25138
reference_id CVE-2026-25138
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25138
7
reference_url https://github.com/advisories/GHSA-38wq-6q2w-hcf9
reference_id GHSA-38wq-6q2w-hcf9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-38wq-6q2w-hcf9
8
reference_url https://github.com/rucio/rucio/security/advisories/GHSA-38wq-6q2w-hcf9
reference_id GHSA-38wq-6q2w-hcf9
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T16:03:18Z/
url https://github.com/rucio/rucio/security/advisories/GHSA-38wq-6q2w-hcf9
fixed_packages
0
url pkg:pypi/rucio-webui@35.8.3
purl pkg:pypi/rucio-webui@35.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.8.3
1
url pkg:pypi/rucio-webui@38.5.4
purl pkg:pypi/rucio-webui@38.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@38.5.4
2
url pkg:pypi/rucio-webui@39.3.1
purl pkg:pypi/rucio-webui@39.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@39.3.1
aliases CVE-2026-25138, GHSA-38wq-6q2w-hcf9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qnqm-pubz-hbh9
5
url VCID-uv12-htb1-8ubh
vulnerability_id VCID-uv12-htb1-8ubh
summary 
Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata
A stored Cross-site Scripting (XSS) vulnerability was identified in the RSE metadata of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebUI for users who view affected pages, potentially enabling session token theft or unauthorized actions.

---
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25734
reference_id
reference_type
scores
0
value 0.00092
scoring_system epss
scoring_elements 0.26009
published_at 2026-06-05T12:55:00Z
1
value 0.00092
scoring_system epss
scoring_elements 0.259
published_at 2026-06-08T12:55:00Z
2
value 0.00092
scoring_system epss
scoring_elements 0.25957
published_at 2026-06-07T12:55:00Z
3
value 0.00092
scoring_system epss
scoring_elements 0.26003
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25734
1
reference_url https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T16:01:30Z/
url https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
2
reference_url https://github.com/rucio/rucio
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rucio/rucio
3
reference_url https://github.com/rucio/rucio/releases/tag/35.8.3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T16:01:30Z/
url https://github.com/rucio/rucio/releases/tag/35.8.3
4
reference_url https://github.com/rucio/rucio/releases/tag/38.5.4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T16:01:30Z/
url https://github.com/rucio/rucio/releases/tag/38.5.4
5
reference_url https://github.com/rucio/rucio/releases/tag/39.3.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T16:01:30Z/
url https://github.com/rucio/rucio/releases/tag/39.3.1
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25734
reference_id CVE-2026-25734
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25734
7
reference_url https://github.com/advisories/GHSA-h9fp-p2p9-873q
reference_id GHSA-h9fp-p2p9-873q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h9fp-p2p9-873q
8
reference_url https://github.com/rucio/rucio/security/advisories/GHSA-h9fp-p2p9-873q
reference_id GHSA-h9fp-p2p9-873q
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-26T16:01:30Z/
url https://github.com/rucio/rucio/security/advisories/GHSA-h9fp-p2p9-873q
fixed_packages
0
url pkg:pypi/rucio-webui@35.8.3
purl pkg:pypi/rucio-webui@35.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@35.8.3
1
url pkg:pypi/rucio-webui@38.5.4
purl pkg:pypi/rucio-webui@38.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@38.5.4
2
url pkg:pypi/rucio-webui@39.3.1
purl pkg:pypi/rucio-webui@39.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@39.3.1
aliases CVE-2026-25734, GHSA-h9fp-p2p9-873q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uv12-htb1-8ubh
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/rucio-webui@1.26.13