CVE-2026-2972 | a466350665 Smart-SSO up to 2.1.1 Role Edit Page UserController.java save cross site scripting

A vulnerability described as problematic has been identified in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page. Executing a manipulation can lead to cross site scripting.

This vulnerability appears as CVE-2026-2972. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More