CVE-2026-2971 identifies a cross-site scripting vulnerability in the a466350665 Smart-SSO product, specifically affecting versions 2.1.0 and 2.1.1. The vulnerability resides in the login.html template file within the smart-sso-server component. The issue arises from improper sanitization or validation of the redirectUri argument, which is used during the login process to redirect users after authentication. An attacker can craft a malicious URL containing a manipulated redirectUri parameter that includes executable JavaScript code. When a user accesses this URL and interacts with the login page, the injected script executes in the context of the victim's browser. This can lead to theft of session tokens, credential phishing, or other malicious actions that compromise user security. The vulnerability is remotely exploitable without requiring authentication, but user interaction is necessary to trigger the payload. The CVSS 4.0 base score is 5.3, reflecting medium severity due to the ease of exploitation and limited impact on confidentiality and integrity. The vendor was notified early but has not responded or provided a patch, increasing the risk for organizations relying on this SSO solution. No public exploits have been observed in the wild yet, but the disclosure and availability of exploit details raise the potential for future attacks.

The primary impact of this vulnerability is the potential for attackers to execute arbitrary scripts in the browsers of users interacting with the vulnerable Smart-SSO login page. This can lead to session hijacking, allowing attackers to impersonate legitimate users and gain unauthorized access to protected resources. Additionally, attackers could perform phishing attacks by injecting deceptive content, potentially harvesting user credentials or other sensitive information. Since Smart-SSO is an authentication system, compromising it can have cascading effects on the security of connected applications and services, undermining the overall trust model. The vulnerability does not directly affect system availability or integrity of backend systems but poses a significant risk to user confidentiality and authentication integrity. Organizations using affected versions may face increased risk of account compromise, data breaches, and reputational damage if exploited. The lack of vendor response and patches further exacerbates the threat landscape, leaving many deployments exposed.

Organizations should immediately implement input validation and output encoding on the redirectUri parameter to prevent injection of malicious scripts. If source code access is available, developers should sanitize and encode all user-controllable inputs in the login.html template. Until an official patch is released, deploying a web application firewall (WAF) with rules to detect and block suspicious redirectUri parameter values can reduce exposure. Administrators should monitor logs for unusual URL patterns targeting the login page and educate users to avoid clicking suspicious links. Additionally, consider implementing Content Security Policy (CSP) headers to restrict script execution sources and reduce the impact of XSS attacks. If possible, upgrade to a newer, unaffected version of Smart-SSO once available or consider alternative authentication solutions. Regular security assessments and penetration testing focused on authentication flows can help identify similar issues proactively.