CVE-2026-2972 is a cross-site scripting vulnerability identified in the Smart-SSO product developed by a466350665, affecting versions 2.1.0 and 2.1.1. The flaw resides in the Save function of the Role Edit Page, implemented in the UserController.java file within the smart-sso-server component. Specifically, the vulnerability arises from insufficient input sanitization or output encoding when processing user-supplied data, allowing attackers to inject malicious scripts. The attack vector is remote, but exploitation requires the attacker to have high privileges (authenticated with elevated rights) and user interaction to trigger the malicious payload. The vulnerability does not impact confidentiality or availability directly but can compromise integrity by enabling script execution in the context of the victim's browser, potentially leading to session hijacking, credential theft, or unauthorized actions within the application. The CVSS 4.0 score is 4.8 (medium), reflecting the need for authentication and user interaction, with low complexity and no requirement for privileges beyond high-level access. The vendor was notified early but has not responded or issued patches, and no known exploits have been observed in the wild yet. Given the public disclosure, the risk of exploitation may increase over time.

The primary impact of CVE-2026-2972 is the potential for attackers with high-level access to execute malicious scripts within the context of the Smart-SSO web application. This can lead to session hijacking, unauthorized actions performed on behalf of legitimate users, and potential compromise of user credentials or sensitive data accessible through the application interface. Although the vulnerability requires authenticated access and user interaction, it can undermine trust in the SSO system, which is critical for centralized authentication and access management. Organizations relying on Smart-SSO for identity and access control may face risks of privilege escalation or lateral movement if attackers leverage this XSS flaw to escalate their foothold. The absence of vendor response and patches increases exposure duration, potentially affecting organizations globally that have deployed affected versions. The impact is mainly on integrity and user trust rather than direct data breach or system availability.

1. Immediately restrict access to the Role Edit Page and related administrative functions to trusted personnel only, minimizing exposure to potential attackers. 2. Implement strict input validation and output encoding on all user-supplied data in the Role Edit Page, especially in the Save function, to neutralize malicious scripts. 3. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts within the application context. 4. Monitor application logs for unusual activity or attempts to inject scripts, focusing on high-privilege user actions. 5. If possible, upgrade to a future patched version once the vendor releases it; meanwhile, consider applying custom patches or workarounds to sanitize inputs. 6. Educate administrators and users about the risk of XSS and the importance of cautious interaction with links or inputs in the SSO portal. 7. Use web application firewalls (WAFs) with rules targeting XSS patterns to provide an additional layer of defense. 8. Regularly review and audit the application's source code for similar vulnerabilities, especially in administrative modules.