Approved changes feed: RSS · Atom

cpe:2.3:a:1024-lab:smartadmin:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor1024 Lab (c60e99db-d459-58e4-8525-ffb22985ba65)
ProductSmartadmin (525f2992-60b4-511e-b337-1b567421a2cd)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2026-3725 vulnerable 2026-06-08 08:01:19.262016 1024-lab/lab1024 SmartAdmin FreeMarker Template MailService.java freemarkerResolverContent special elements used in a template engine
MEDIUM (6.3)
A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/mail/MailService.java of the component FreeMarker Template Handler. Executing a manipulation of the argument template_content can lead to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-08T09:02:08.086Z
Updated: 2026-03-11T15:32:45.478Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-3721 vulnerable 2026-06-08 08:01:19.259270 1024-lab/lab1024 SmartAdmin Help Documentation HelpDocAddForm.java cross site scripting
LOW (3.5)
A weakness has been identified in 1024-lab/lab1024 SmartAdmin up to 3.29. The affected element is an unknown function of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/helpdoc/domain/form/HelpDocAddForm.java of the component Help Documentation Module. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-08T07:32:07.430Z
Updated: 2026-03-11T15:31:49.646Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-3720 vulnerable 2026-06-08 08:01:19.251612 1024-lab/lab1024 SmartAdmin Notice notice-form-drawer.vue cross site scripting
LOW (3.5)
A security flaw has been discovered in 1024-lab/lab1024 SmartAdmin up to 3.29. Impacted is an unknown function of the file smart-admin-web-javascript/src/views/business/oa/notice/components/notice-form-drawer.vue of the component Notice Module. The manipulation results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-08T07:02:13.355Z
Updated: 2026-03-11T14:47:11.911Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.