CVE-2026-2972 | a466350665 Smart-SSO up to 2.1.1 Role Edit Page UserController.java save cross site scripting

A vulnerability described as problematic has been identified in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page. Executing a manipulation can lead to cross site scripting.

This vulnerability appears as CVE-2026-2972. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2972 | a466350665 Smart-SSO up to 2.1.1 Role Edit Page UserController.java save cross site scripting

Post correlati

CVE-2024-34113 | Adobe ColdFusion 2023u7/up to 2021u13 weak encoding for password (apsb24-41)

CVE-2025-20360 | Cisco Secure Firewall Threat Defense Software HTTP buffer access with incorrect length value (cisco-sa-snort3-mime-vulns-tTL8PgVH)

CVE-2025-27614 | j6t gitk up to 2.50.0 os command injection (GHSA-g4v5-fjv9-mhhc)

CVE-2025-59003 | nkthemes Plugins on WordPress information disclosure