| Title | a466350665 Smart-SSO <=2.1.1 Incomplete Denylist to Cross-Site Scripting |
|---|
| Description | ### Introduction
[Smart-SSO](https://github.com/a466350665) is a lightweight, high-availability Single Sign-On (SSO) authentication and authorization center built on **SpringBoot** and the **OAuth2** protocol, with an **RBAC** (Role-Based Access Control) permission design.
Stored XSS vulnerabilities allow attackers to permanently store malicious scripts on the target server. When other users visit the affected page, the malicious script is executed.
### Affected Versions
Smart-SSO 2.1.1 and earlier |
|---|
| Source | ⚠️ https://www.notion.so/Smart-SSO-Stored-Cross-Site-Scripting-XSS-in-Role-Edit-Page-303ea92a3c4180f4beb9c119653ce51d |
|---|
| User | din4 (UID 50867) |
|---|
| Submitted | 2026-02-11 02:24 (3 months ago) |
|---|
| Moderated | 2026-02-22 09:16 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 347339 [a466350665 Smart-SSO up to 2.1.1 Role Edit Page UserController.java save cross-site scripting] |
|---|
| Points | 17 |
|---|