Executive Summary

CVE-2026-2972 is a stored Cross-Site Scripting (XSS) vulnerability affecting Smart-SSO versions up to 2.1.1. It exists in the save function of the UserController.java file within the Role Edit Page component. The vulnerability occurs because user-controllable input is not properly neutralized before being included in web page output, allowing attackers to inject malicious scripts.

An attacker who is authenticated can remotely exploit this flaw by injecting scripts that get permanently stored on the server. When other users access the affected page, these malicious scripts execute in their browsers, potentially compromising data integrity.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by allowing attackers to execute malicious scripts in the browsers of users who visit the affected Role Edit Page. This can lead to compromised user sessions or data integrity issues.

Since the exploit requires authentication and some user interaction, an attacker must be authenticated and trick a user into performing an action to succeed.

The impact is primarily on data integrity, with no direct confidentiality or availability impact reported. However, executing malicious scripts can lead to further attacks or unauthorized actions within the application.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability is a stored cross-site scripting (XSS) issue in the save function of the UserController.java file within the Role Edit Page component of Smart-SSO up to version 2.1.1. Detection involves identifying if malicious scripts have been injected and stored in the Role Edit Page.'}, {'type': 'paragraph', 'content': 'Since exploitation requires authentication and some user interaction, detection can include monitoring HTTP requests to the Role Edit Page for suspicious input containing script tags or JavaScript code.'}, {'type': 'paragraph', 'content': 'Suggested commands or methods include:'}, {'type': 'list_item', 'content': 'Using web application scanners or proxy tools (e.g., OWASP ZAP, Burp Suite) to intercept and analyze requests to the Role Edit Page, looking for script injection attempts.'}, {'type': 'list_item', 'content': 'Manually testing the save function by submitting inputs containing common XSS payloads such as `<script>alert(1)</script>` and observing if the payload is stored and executed.'}, {'type': 'list_item', 'content': 'Reviewing server logs or application logs for suspicious input patterns or error messages related to the UserController save function.'}, {'type': 'list_item', 'content': "Using curl or similar command-line tools to send crafted POST requests to the save endpoint with potential XSS payloads, for example: `curl -X POST -d 'roleName=<script>alert(1)</script>' https://your-smart-sso-server/role-edit/save`."}] [1, 2]

Useful 0 Not Useful 0

Mitigation Strategies

There are no known vendor-provided mitigations or patches for this vulnerability as the vendor did not respond to the disclosure.

Immediate mitigation steps include:

• Restrict access to the Role Edit Page to only trusted and authenticated users to reduce the risk of exploitation.
• Implement input validation and output encoding on the Role Edit Page to neutralize any user-controllable input before it is rendered.
• Consider deploying web application firewalls (WAF) that can detect and block common XSS payloads targeting the affected endpoints.
• Monitor logs and user activity for signs of exploitation attempts.
• If possible, replace the affected Smart-SSO product with an alternative solution that is not vulnerable.

Useful 0 Not Useful 0