Vulnerability Description
A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page. Executing a manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| A466350665 | Smart-Sso | <= 2.1.1 |
Related Weaknesses (CWE)
References
- https://vuldb.com/?ctiid.347339Permissions RequiredVDB Entry
- https://vuldb.com/?id.347339Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.756026Third Party AdvisoryVDB Entry
- https://www.notion.so/Smart-SSO-Stored-Cross-Site-Scripting-XSS-in-Role-Edit-PagExploitThird Party Advisory
FAQ
What is CVE-2026-2972?
CVE-2026-2972 is a vulnerability with a CVSS score of 2.4 (LOW). A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.j...
How severe is CVE-2026-2972?
CVE-2026-2972 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-2972?
Check the references section above for vendor advisories and patch information. Affected products include: A466350665 Smart-Sso.