Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
SmartAdmin Notice Module Allows Remote JavaScript Injection
CVE-2026-3720
Summary
A security flaw in the SmartAdmin Notice Module can allow an attacker to inject malicious JavaScript code into the system, potentially allowing them to access or steal sensitive information. This vulnerability can be exploited remotely, and an exploit is publicly available. It's recommended that users update to the latest version of SmartAdmin to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| lab1024 | smartadmin | <= 3.29 | – |
Original title
A security flaw has been discovered in 1024-lab/lab1024 SmartAdmin up to 3.29. Impacted is an unknown function of the file smart-admin-web-javascript/src/views/business/oa/notice/components/notice-...
Original description
A security flaw has been discovered in 1024-lab/lab1024 SmartAdmin up to 3.29. Impacted is an unknown function of the file smart-admin-web-javascript/src/views/business/oa/notice/components/notice-form-drawer.vue of the component Notice Module. The manipulation results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
4.0
nvd CVSS3.1
3.5
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
Published: 8 Mar 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026