CVE-2026-3720 | 1024-lab/lab1024 SmartAdmin up to 3.29 Notice notice-form-drawer.vue cross site scripting

A vulnerability described as problematic has been identified in 1024-lab/lab1024 SmartAdmin up to 3.29. Impacted is an unknown function of the file smart-admin-web-javascript/src/views/business/oa/notice/components/notice-form-drawer.vue of the component Notice Module. The manipulation results in cross site scripting.

This vulnerability is reported as CVE-2026-3720. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3720 | 1024-lab/lab1024 SmartAdmin up to 3.29 Notice notice-form-drawer.vue cross site scripting

Post correlati

CVE-2021-47554 | Linux Kernel up to 5.15.5 vdpa_sim vdpasim_create null pointer dereference (e4d58ac67e63/bb93ce4b150d)

CVE-2024-13802 | kwestion505 Bandsintown Events Plugin up to 1.3.1 on WordPress Shortcode bandsintown_events cross site scripting

CVE-2026-25522 | Craft CMS up to 4.10.0/5.5.1 Store Management Section cross site scripting (GHSA-h9r9-2pxg-cx9m)

CVE-2024-13550 | paulrosen ABC Notation Plugin up to 6.1.3 on WordPress Shortcode abcjs path traversal