VYPR
Unrated severityNVD Advisory· Published Aug 18, 2025· Updated Aug 18, 2025

NamelessMC allows Stored Cross Site Scripting (XSS) in SEO component

CVE-2025-54421

Description

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.4 allows remote authenticated attackers to inject arbitrary web script or HTML via the default_keywords crafted parameter. This vulnerability is fixed in 2.2.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Namelessmc/Namelessllm-fuzzy2 versions
    <2.2.4+ 1 more
    • (no CPE)range: <2.2.4
    • (no CPE)range: < 2.2.4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.