CVE-2026-2971

MEDIUM 4.3

a466350665 Smart-SSO Login login.html cross site scripting

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was found in a466350665 Smart-SSO up to 2.1.1. Affected by this issue is some unknown functionality of the file smart-sso-server/src/main/resources/templates/login.html of the component Login. Performing a manipulation of the argument redirectUri results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-79 CWE-94
Vendor	a466350665
Product	smart-sso
Published	Feb 23, 2026
Last Updated	Feb 23, 2026

Stay Ahead of the Next One

Get instant alerts for a466350665 smart-sso

Be the first to know when new medium vulnerabilities affecting a466350665 smart-sso are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

a466350665 / Smart-SSO

2.1.0 2.1.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.347338 vuldb.com: https://vuldb.com/?ctiid.347338 vuldb.com: https://vuldb.com/?submit.756025 notion.so: https://www.notion.so/Smart-SSO-Reflected-XSS-vulnerabilities-in-redirectUri-parameter-304ea92a3c41805a8223c4ba75831802

Credits

🔍 din4 (VulDB User)