CVE-2026-3720

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions 1024-lab/lab1024 SmartAdmin versions prior to 3.30

Description A security flaw exists in the Notice Module of 1024-lab/lab1024 SmartAdmin. The issue involves a cross-site scripting condition within the file smart-admin-web-javascript/src/views/business/oa/notice/components/notice-form-drawer.vue and an unknown function. This allows for remote attacks. The exploit has been publicly released.

Recommendations Update 1024-lab/lab1024 SmartAdmin to version 3.30 or later. As a temporary workaround, consider restricting access to the Notice Module until a patch is available.

Exploit

Fix

Code Injection

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-79

Related Identifiers

CVE-2026-3720

Affected Products

Smartadmin

CVE-2026-3720

Weakness Enumeration

Related Identifiers

Affected Products

References · 10