Submit #756026: a466350665 Smart-SSO <=2.1.1 Incomplete Denylist to Cross-Site Scripting

Title: a466350665 Smart-SSO <=2.1.1 Incomplete Denylist to Cross-Site Scripting

Description:

### Introduction

[Smart-SSO](https://github.com/a466350665) is a lightweight, high-availability Single Sign-On (SSO) authentication and authorization center built on **SpringBoot** and **OAuth2** protocol with **RBAC** (Role-Based Access Control) permission design. Stored XSS vulnerabilities allow attackers to permanently store malicious scripts on the target server. When other users visit the affected page, the malicious script is executed.

### Affected Versions

Smart-SSO 2.1.1 and earlier

Source: https://www.notion.so/Smart-SSO-Stored-Cross-Site-Scripting-XSS-in-Role-Edit-Page-303ea92a3c4180f4beb9c119653ce51d
User: din4 (UID 50867)
Submission: 02/11/2026 02:24 (3 months ago)
Moderation: 02/22/2026 09:16 (11 days later)
Status: Accepted
VulDB entry: 347339 [a466350665 Smart-SSO up to 2.1.1 Role Edit Page UserController.java save cross site scripting]
Points: 17
