3 matches found
CVE-2026-1151
CVE-2026-1151 affects technical-laohu mpay (User Center) up to version 1.2.4. Manipulating the Nickname argument in an unknown function enables cross-site scripting. The issue can be exploited remotely and public PoCs exist. Remediation: update to version 1.2.4 or later (versions prior to 1.2.4 s...
CVE-2026-1152
The affected software is technical-laohu mpay (versions up to 1.2.4). A vulnerability in the QR Code Image Handler allows manipulation of the codeimg argument that leads to unrestricted file upload. This can be exploited remotely, and public exploits have been disclosed. Remediation per PSIRT/PT ...
CVE-2026-1153
The CVE-2026-1153 entry concerns the software package technical-laohu mpay up to version 1.2.4, with a cross-site request forgery (CSRF) condition caused by manipulation of an unknown function. The burdened documents indicate a remote exploitation path is possible and that the exploit is public, ...