Unrated severityNVD Advisory· Published Jan 13, 2025· Updated Jan 13, 2025

Cross-site Scripting in NamelessMC

CVE-2025-22142

Description

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff panel. As a result an attacker can execute javascript code on the staffer's computer. This issue has been addressed in version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected products

Namelessmc/Namelessv5
Range: <= 2.1.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/NamelessMC/Nameless/releases/tag/v2.1.3mitrex_refsource_MISC
github.com/NamelessMC/Nameless/security/advisories/GHSA-9q22-w64p-g8qmmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000