VYPR
Unrated severityNVD Advisory· Published Jan 13, 2025· Updated Jan 13, 2025

Cross-site Scripting in NamelessMC

CVE-2025-22142

Description

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff panel. As a result an attacker can execute javascript code on the staffer's computer. This issue has been addressed in version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Namelessmc/Namelessllm-fuzzy2 versions
    <2.1.3+ 1 more
    • (no CPE)range: <2.1.3
    • (no CPE)range: <= 2.1.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.