A466350665 SMART-SSO up to 2.1.1 Role Edit Page Usercontroller.java Save Cross Site Scripting

Key Vulnerability Information

CVE: CVE-2026-2972
VulDB ID: VDB-347339
CVSS Meta Temp Score: 2.2
Current Exploit Price: $0-$5k
CTI Interest Score: 3.64

Summary

A problematic vulnerability has been identified in a466350665 Smart-SSO up to 2.1.1. The vulnerability affects the function in the file within the Role Edit Page component. Malicious input manipulation can lead to cross-site scripting (XSS) attacks, which can be initiated remotely. An exploit is available, but the vendor did not respond to early notifications about the issue.

Details

CWE Classification: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
MITRE ATT&CK Technique: T1059.007
Vulnerability Type: Cross-Site Scripting (XSS)
Impact: Integrity

The product fails to neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. An advisory can be found at notion.so. The vulnerability is classified under CVE-2026-2972, with an exploitation ease level of "easy". User interaction is required for successful exploitation.