PT-2026-23927 · 1024 · Smartadmin

Din4

Publicado

2026-03-08

Atualizado

2026-04-18

CVE-2026-3721

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions 1024-lab/lab1024 SmartAdmin versions prior to 3.29

Description A cross site scripting issue exists in the Help Documentation Module of 1024-lab/lab1024 SmartAdmin. The issue is related to an unknown function within the file sa-base/src/main/java/net/lab1024/sa/base/module/support/helpdoc/domain/form/HelpDocAddForm.java. This manipulation can be initiated remotely. The exploit is publicly available. The vendor was contacted but did not respond.

Recommendations Update 1024-lab/lab1024 SmartAdmin to a version later than 3.29.

Exploit

Correção

Code Injection

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94CWE-79

Identificadores relacionados

CVE-2026-3721

Produtos afetados

Smartadmin

PT-2026-23927 · 1024 · Smartadmin

CVE-2026-3721

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12