39 matches found

RedhatCVE
added 2026/01/20 11:23 a.m. · 3 views

CVE-2026-1151

A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...

5.4 CVSS · 3.3 AI score · 0.00047 EPSS
Exploits 1 · References 1
OSV
added 2026/01/19 11:15 a.m. · 0 views

CVE-2026-1151

A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...

5.4 CVSS · 4.1 AI score
Exploits 0 · References 4
Cvelist
added 2026/01/19 11:2 a.m. · 15 views

CVE-2026-1151 technical-laohu mpay User Center cross site scripting

A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...

4.8 CVSS · 0.00047 EPSS
Exploits 1 · References 4
ATTACKERKB
added 2026/01/19 11:2 a.m. · 1 views

CVE-2026-1151

A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...

5.4 CVSS · 3.8 AI score · 0.00047 EPSS
Exploits 1 · References 4 · Affected Software 1
CNNVD
added 2026/01/19 12:0 a.m. · 1 views

mpay code injection vulnerability

MPay is a convenient payment collection tool developed by Technic Laohu in China. Versions of MPay 1.2.4 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “Nickname,” and could lead to cross-site scripting attacks...

5.4 CVSS · 5.7 AI score · 0.00047 EPSS
Exploits 1 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2010-0961

Malware in sbrugna...

4.3 CVSS · 6.4 AI score · 0.00827 EPSS
Exploits 1 · References 7
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2020-14089

Malware in sbrugna...

6.1 CVSS · 6.3 AI score · 0.00857 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-13440

Malicious code in bioql PyPI...

5.4 CVSS · 6.6 AI score · 0.00187 EPSS
Exploits 1 · References 4
Cvelist
added 2025/06/11 3:41 a.m. · 10 views

CVE-2025-4666 ZotPress <= 7.3.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'nickname'

The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nickname’ parameter in all versions up to, and including, 7.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

6.4 CVSS · 0.00253 EPSS
Exploits 0 · References 6
Vulnrichment
added 2025/06/11 3:41 a.m. · 2 views

CVE-2025-4666 ZotPress <= 7.3.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'nickname'

The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nickname’ parameter in all versions up to, and including, 7.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

6.4 CVSS · 5.9 AI score · 0.00253 EPSS
Exploits 0 · References 6
CNNVD
added 2025/05/26 12:0 a.m. · 1 views

SourceCodester Client Database Management System injection vulnerability

SourceCodester Client Database Management System is an open-source client database management system from SourceCodester. An injection vulnerability exists in SourceCodester Client Database Management System version 1.0, which originates from SQL injection due to incorrect operation of the parameter...

9.8 CVSS · 5.7 AI score · 0.00193 EPSS
Exploits 1 · References 5
RedhatCVE
added 2025/05/22 5:4 p.m. · 2 views

CVE-2020-19148

Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinalcms/front/person/profile.html'...

5.4 CVSS · 6.8 AI score · 0.00508 EPSS
Exploits 1
RedhatCVE
added 2025/05/07 12:24 a.m. · 8 views

CVE-2025-45236

A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...

5.4 CVSS · 5.6 AI score · 0.00187 EPSS
Exploits 1 · References 1
Vulnrichment
added 2025/05/05 12:0 a.m. · 5 views

CVE-2025-45236

A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...

5.3 AI score · 0.00187 EPSS
Exploits 1 · References 3
Positive Technologies
added 2024/09/27 12:0 a.m. · 1 views

PT-2024-39537 · Unknown · Funnyzpc Mee-Admin

Name of the Vulnerable Software and Affected Versions: funnyzpc Mee-Admin versions up to 1.6
Description: A problematic issue was found in the User Center component, affecting an unknown part of the file /mee/index. The manipulation of the User Nickname argument leads to cross-site scripting. Thi...

5.1 CVSS · 3.9 AI score · 0.0014 EPSS
Exploits 1 · References 9
Positive Technologies
added 2024/07/31 12:0 a.m. · 1 views

PT-2024-38269 · Unknown · Xinhu Rockoa

Name of the Vulnerable Software and Affected Versions: Xinhu RockOA version 2.6.2
Description: A critical issue was found in the function dataAction of the file /webmain/task/openapi/openmodhetongAction.php. The manipulation of the argument nickName leads to SQL injection. The attack can be...

8.8 CVSS · 7 AI score · 0.00095 EPSS
Exploits 1 · References 8
CNNVD
added 2024/07/31 12:0 a.m. · 1 views

Xinhu RockOA SQL injection vulnerability

Xinhu RockOA is an office OA system of China Xinhu Company. A SQL injection vulnerability exists in Xinhu RockOA version 2.6.2, which originates from the parameter nickName in the function dataAction /webmain/task/openapi/openmodhetongAction.php, which can lead to SQL injection...

8.8 CVSS · 7 AI score · 0.00095 EPSS
Exploits 1 · References 5
CNNVD
added 2024/02/27 12:0 a.m. · 2 views

Litemall Security Breach

Litemall is an e-commerce system for Linlinjava individual developers. A security vulnerability exists in Litemall v.1.8.0 that allows remote attackers to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component...

7.2 CVSS · 6.6 AI score · 0.00758 EPSS
Exploits 1 · References 2
OSV
added 2023/06/20 3:15 p.m. · 0 views

CVE-2020-21052

Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function...

6.1 CVSS · 6.1 AI score
Exploits 0 · References 1
CNNVD
added 2023/06/20 12:0 a.m. · 2 views

ZrLog cross-site scripting vulnerability

ZrLog is a blogging system developed using the Java language. A cross-site scripting (XSS) vulnerability exists in ZrLog version 2.1.3. An attacker can exploit this vulnerability to execute arbitrary code via the nickname parameter of the /post/addComment function...

6.1 CVSS · 6.4 AI score · 0.0023 EPSS
Exploits 1 · References 2