technical-laohu mpay User Center cross site scripting_CVE-2026-1151

4.8 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Basic Information

ID CVE-2026-1151

Source VulDB

Published Jan 19, 2026 at 11:02

Affected Product

Vendor technical-laohu

Product mpay

Version 1.2.0

Affected Versions technical-laohu mpay 1.2.0
technical-laohu mpay 1.2.1
technical-laohu mpay 1.2.2
technical-laohu mpay 1.2.3
technical-laohu mpay 1.2.4

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.",
    "published": "2026-01-19T11:02:05.822Z",
    "modified": "2026-01-19T11:02:05.822Z",
    "type": "cve",
    "title": "technical-laohu mpay User Center cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.341744\nhttps://vuldb.com/?ctiid.341744\nhttps://vuldb.com/?submit.735773\nhttps://github.com/bdkuzma/vuln/issues/16",
    "id": "CVE-2026-1151",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "technical-laohu mpay 1.2.0\ntechnical-laohu mpay 1.2.1\ntechnical-laohu mpay 1.2.2\ntechnical-laohu mpay 1.2.3\ntechnical-laohu mpay 1.2.4",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mpay",
    "version": "1.2.0",
    "vendor": "technical-laohu",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}