MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2026-2971

🟡 MEDIUM

A vulnerability was found in a466350665 Smart-SSO up to 2.1.1. Affected by this issue is some unknown functionality of the file smart-sso-server/src/main/resources/templates/login.html of the componen...

Published
Feb 23, 2026
Last Modified
Feb 23, 2026
Views
9
Bookmarks
0

Description

Request Expert Review

A vulnerability was found in a466350665 Smart-SSO up to 2.1.1. Affected by this issue is some unknown functionality of the file smart-sso-server/src/main/resources/templates/login.html of the component Login. Performing a manipulation of the argument redirectUri results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Scores

CVSS 3.1 4.3
4.3
MEDIUM
CVSS 2.0 4.3

References

vuldb.com vuldb.com vuldb.com www.notion.so

Additional Information

Source
cna@vuldb.com
State
Received

Related CVEs

CVE-2026-2970

MEDIUM

A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-a...

Score: 4.6

CVE-2026-2969

MEDIUM

A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/module...

Score: 4.7

CVE-2026-2998

HIGH

ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same di...

Score: 7.8

CVE-2026-2968

LOW

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of...

Score: 3.7

CVE-2026-2967

LOW

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the com...

Score: 3.7

CVE-2026-2997

MEDIUM

Tronclass developed by WisdomGarden has a Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers...

Score: 5.4

Share CVE-2026-2971

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2026-2971 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis