CVE-2026-2971 | a466350665 Smart-SSO up to 2.1.1 Login login.html redirectUri cross site scripting

A vulnerability marked as problematic has been reported in a466350665 Smart-SSO up to 2.1.1. Affected by this issue is some unknown functionality of the file smart-sso-server/src/main/resources/templates/login.html of the component Login. Performing a manipulation of the argument redirectUri results in cross site scripting.

This vulnerability is reported as CVE-2026-2971. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2971 | a466350665 Smart-SSO up to 2.1.1 Login login.html redirectUri cross site scripting

Post correlati

CVE-2024-41317 | TOTOLINK A6000R 1.0.1-B20201211.2000 apcli_do_enr_pbc_wps ifname command injection

CVE-2023-5915 | Yokogawa STARDOM FCN-FJC up to R4.31 Packet resource consumption (icsa-23-334-02)

CVE-2023-28871 | NCP Secure Enterprise Client up to 12.21 symlink (usd-2022-0005)

CVE-2024-7731 | SECOM Dr.ID Access Control System up to 3.6.2 page sql injection