27 matches found
CVE-2026-1151
A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...
CVE-2026-1151
A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...
CVE-2026-1151
A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...
CVE-2026-1151 technical-laohu mpay User Center cross site scripting
A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...
CVE-2026-1151 technical-laohu mpay User Center cross site scripting
A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...
CVE-2026-1151
CVE-2026-1151 affects technical-laohu mpay (User Center) up to version 1.2.4. Manipulating the Nickname argument in an unknown function enables cross-site scripting. The issue can be exploited remotely and public PoCs exist. Remediation: update to version 1.2.4 or later (versions prior to 1.2.4 s...
CVE-2026-1151
A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...
PT-2026-3434
Name of the Vulnerable Software and Affected Versions technical-laohu mpay versions up to 1.2.4 Description A flaw exists in the User Center component of technical-laohu mpay. Manipulation of the Nickname argument within an unknown function can lead to cross site scripting. The exploit is publicl...
EUVD-2025-24942
Malicious code in bioql PyPI...
EUVD-2024-49829
Malicious code in bioql PyPI...
CVE-2025-51965
OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting XSS via the "Name" field of the "Complete Profile" functionality under the "My User Center" page, which can be accessed after registering through the front-end interface...
CVE-2025-51965
OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting XSS via the "Name" field of the "Complete Profile" functionality under the "My User Center" page, which can be accessed after registering through the front-end interface...
PT-2025-33411 · Ourphp · Ourphp
Name of the Vulnerable Software and Affected Versions: OURPHP versions through 8.6.1 Description: OURPHP through version 8.6.1 is susceptible to Cross-Site Scripting XSS via the Name field within the "Complete Profile" functionality located in the "My User Center" page. This functionality is...
CVE-2025-51965
OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting XSS via the "Name" field of the "Complete Profile" functionality under the "My User Center" page, which can be accessed after registering through the front-end interface...
CVE-2025-51965
CVE-2025-51965 affects OURPHP up to version 8.6.1, where the vulnerability is a Cross‑Site Scripting (XSS) flaw in the Name field of the Complete Profile function in My User Center, accessible after front‑end registration. The underlying issue and exploitation details are not further elaborated i...
CVE-2025-51965
OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting XSS via the "Name" field of the "Complete Profile" functionality under the "My User Center" page, which can be accessed after registering through the front-end interface...
CVE-2024-9279
A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6. This affects an unknown part of the file /mee/index of the component User Center. The manipulation of the argument User Nickname leads to cross site scripting. It is possible to initiate the attack...
CVE-2024-9279
A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6. This affects an unknown part of the file /mee/index of the component User Center. The manipulation of the argument User Nickname leads to cross site scripting. It is possible to initiate the attack...
CVE-2024-9279 funnyzpc Mee-Admin User Center index cross site scripting
A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6. This affects an unknown part of the file /mee/index of the component User Center. The manipulation of the argument User Nickname leads to cross site scripting. It is possible to initiate the attack...
CVE-2024-9279 funnyzpc Mee-Admin User Center index cross site scripting
A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6. This affects an unknown part of the file /mee/index of the component User Center. The manipulation of the argument User Nickname leads to cross site scripting. It is possible to initiate the attack...