Submit #735773: https://gitee.com/technical-laohu/mpay mpay v1.2.4 Stored Cross-Site Scriptinginfo

Titlehttps://gitee.com/technical-laohu/mpay mpay v1.2.4 Stored Cross-Site Scripting
DescriptionIn v1.2.4 of mpay, there is a storage XSS vulnerability in the username modification function in the background,which can steal sensitive user information, tamper with page content, 和 spread malware for a long time, seriously threatening user privacy and website reputation.
Source⚠️ https://github.com/bdkuzma/vuln/issues/16
User
 baihekuz (UID 84516)
Submission01/10/2026 05:14 AM (1 month ago)
Moderation01/18/2026 02:59 PM (8 days later)
StatusAccepted
VulDB entry341744 [technical-laohu mpay up to 1.2.4 User Center Nickname cross site scripting]
Points18

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!