| Название | a466350665 Smart-SSO <=2.1.1 Incomplete Denylist to Cross-Site Scripting |
|---|
| Описание | ### Introduction
[Smart-SSO](https://github.com/a466350665) is a lightweight, high-availability Single Sign-On (SSO) authentication and authorization center built on **SpringBoot** and **OAuth2** protocol with **RBAC** (Role-Based Access Control) permission design.
Stored XSS vulnerabilities allow attackers to permanently store malicious scripts on the target server. When other users visit the affected page, the malicious script is executed.
### Affected Versions
Smart-SSO 2.1.1 and earlier |
|---|
| Источник | ⚠️ https://www.notion.so/Smart-SSO-Stored-Cross-Site-Scripting-XSS-in-Role-Edit-Page-303ea92a3c4180f4beb9c119653ce51d |
|---|
| Пользователь | din4 (UID 50867) |
|---|
| Представление | 11.02.2026 02:24 (3 месяцы назад) |
|---|
| Модерация | 22.02.2026 09:16 (11 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 347339 [a466350665 Smart-SSO до 2.1.1 Role Edit Page UserController.java save межсайтовый скриптинг] |
|---|
| Баллы | 17 |
|---|