CVE-2026-3720

Name of the Vulnerable Software and Affected Versions 1024-lab/lab1024 SmartAdmin versions prior to 3.30

Description A security flaw exists in the Notice Module of 1024-lab/lab1024 SmartAdmin. The issue involves a cross-site scripting condition within the file smart-admin-web-javascript/src/views/business/oa/notice/components/notice-form-drawer.vue and an unknown function. This allows for remote attacks. The exploit has been publicly released.

Recommendations Update 1024-lab/lab1024 SmartAdmin to version 3.30 or later. As a temporary workaround, consider restricting access to the Notice Module until a patch is available.