Unrated severityNVD Advisory· Published Jan 13, 2025· Updated Jan 13, 2025
Cross-site Scripting in NamelessMC
CVE-2025-22142
Description
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff panel. As a result an attacker can execute javascript code on the staffer's computer. This issue has been addressed in version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<2.1.3+ 1 more
- (no CPE)range: <2.1.3
- (no CPE)range: <= 2.1.2
Patches
Vulnerability mechanics
References
2- github.com/NamelessMC/Nameless/releases/tag/v2.1.3mitrex_refsource_MISC
- github.com/NamelessMC/Nameless/security/advisories/GHSA-9q22-w64p-g8qmmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.