CVE-2026-3721

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions 1024-lab/lab1024 SmartAdmin versions prior to 3.29

Description A cross site scripting issue exists in the Help Documentation Module of 1024-lab/lab1024 SmartAdmin. The issue is related to an unknown function within the file sa-base/src/main/java/net/lab1024/sa/base/module/support/helpdoc/domain/form/HelpDocAddForm.java. This manipulation can be initiated remotely. The exploit is publicly available. The vendor was contacted but did not respond.

Recommendations Update 1024-lab/lab1024 SmartAdmin to a version later than 3.29.

Exploit

Fix

Code Injection

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-79

Related Identifiers

CVE-2026-3721

Affected Products

Smartadmin

CVE-2026-3721

Weakness Enumeration

Related Identifiers

Affected Products

References · 12