CVE-2026-25735
Chinese title:
(No data available)
English title:
Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability in its Identity Name
Vulnerability Description
Chinese description:
(No data available)
English description:
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Identity Name of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebUI for users who view affected pages, potentially enabling session token theft or unauthorized actions. Versions 35.8.3, 38.5.4, and 39.3.1 fix the issue.
CWE type:
Tags:
Affected Products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| rucio | rucio | < 35.8.3 | - | - | cpe:2.3:a:rucio:rucio:<_35.8.3:*:*:*:*:*:*:* |
| rucio | rucio | >= 36.0.0rc1, < 38.5.4 | - | - | cpe:2.3:a:rucio:rucio:>=_36.0.0rc1,_<_38.5.4:*:*:*:*:*:*:* |
| rucio | rucio | >= 39.0.0rc1, < 39.3.1 | - | - | cpe:2.3:a:rucio:rucio:>=_39.0.0rc1,_<_39.3.1:*:*:*:*:*:*:* |
| cern | rucio | * | - | - | cpe:2.3:a:cern:rucio:*:*:*:*:*:*:*:* |
Solution
Chinese solution:
English solution:
Temporary workaround:
Reference links
cve.org
CVSS Score Details
3.1 (cna)
MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Timeline information
Exploitation information
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2026-25735 | 2026-02-26 03:19:54 | 2026-02-25 22:00:01 |
| NVD | nvd_CVE-2026-25735 | 2026-02-26 02:00:04 | 2026-02-25 22:00:04 |
Version and language
Security advisories
Change history
- affected_products_count: 3 -> 4
- data_sources: ['cve'] -> ['cve', 'nvd']