CVE-2026-3721

Summary

A weakness has been identified in 1024-lab/lab1024 SmartAdmin up to 3.29. The affected element is an unknown function of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/helpdoc/domain/form/HelpDocAddForm.java of the component Help Documentation Module. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
1024-labSmartAdmin3.0affected
1024-labSmartAdmin3.1affected
1024-labSmartAdmin3.2affected
1024-labSmartAdmin3.3affected
1024-labSmartAdmin3.4affected
1024-labSmartAdmin3.5affected
1024-labSmartAdmin3.6affected
1024-labSmartAdmin3.7affected
1024-labSmartAdmin3.8affected
1024-labSmartAdmin3.9affected
1024-labSmartAdmin3.10affected
1024-labSmartAdmin3.11affected
1024-labSmartAdmin3.12affected
1024-labSmartAdmin3.13affected
1024-labSmartAdmin3.14affected
1024-labSmartAdmin3.15affected
1024-labSmartAdmin3.16affected
1024-labSmartAdmin3.17affected
1024-labSmartAdmin3.18affected
1024-labSmartAdmin3.19affected
1024-labSmartAdmin3.20affected
1024-labSmartAdmin3.21affected
1024-labSmartAdmin3.22affected
1024-labSmartAdmin3.23affected
1024-labSmartAdmin3.24affected
1024-labSmartAdmin3.25affected
1024-labSmartAdmin3.26affected
1024-labSmartAdmin3.27affected
1024-labSmartAdmin3.28affected
1024-labSmartAdmin3.29affected
lab1024SmartAdmin3.0affected
lab1024SmartAdmin3.1affected
lab1024SmartAdmin3.2affected
lab1024SmartAdmin3.3affected
lab1024SmartAdmin3.4affected
lab1024SmartAdmin3.5affected
lab1024SmartAdmin3.6affected
lab1024SmartAdmin3.7affected
lab1024SmartAdmin3.8affected
lab1024SmartAdmin3.9affected
lab1024SmartAdmin3.10affected
lab1024SmartAdmin3.11affected
lab1024SmartAdmin3.12affected
lab1024SmartAdmin3.13affected
lab1024SmartAdmin3.14affected
lab1024SmartAdmin3.15affected
lab1024SmartAdmin3.16affected
lab1024SmartAdmin3.17affected
lab1024SmartAdmin3.18affected
lab1024SmartAdmin3.19affected
lab1024SmartAdmin3.20affected
lab1024SmartAdmin3.21affected
lab1024SmartAdmin3.22affected
lab1024SmartAdmin3.23affected
lab1024SmartAdmin3.24affected
lab1024SmartAdmin3.25affected
lab1024SmartAdmin3.26affected
lab1024SmartAdmin3.27affected
lab1024SmartAdmin3.28affected
lab1024SmartAdmin3.29affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References