23 matches found
CVE-2025-54117
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting XSS vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the dashboard text editor component. This vulnerability is fixed ...
CVE-2025-22142
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff...
CVE-2025-22144
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when t...
CVE-2025-29784
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to...
CVE-2025-29784
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to...
CVE-2025-31120
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application relies on a client-side cookie nl-topic-t...
CVE-2025-32389 NamelessMC Vulnerable to SQL Injections in /user/messaging and /panel/users/reports Pages
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure...
CVE-2025-31120 NamelessMC Vulnerable to Cookie-Based View Count Manipulation
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application relies on a client-side cookie nl-topic-t...
CVE-2025-30357 NamelessMC Forum Topic Deletion Triggered by Unrelated User Deletion
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator...
CVE-2025-30357 NamelessMC Forum Topic Deletion Triggered by Unrelated User Deletion
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator...
CVE-2025-29784
CVE-2025-29784 affects NamelessMC (2.1.4 and earlier). The s parameter in forum search GET requests lacks length validation, enabling excessive query lengths that can cause performance degradation and potential DoS. The issue is fixed in version 2.2.0. CVSS v3.1 base score 7.5 (HIGH). Remediation...
NamelessMC 安全漏洞
NamelessMC is a free, easy to use and powerful website software from the NamelessMC team. For your Minecraft server, which contains tons of features. A security vulnerability exists in NamelessMC 2.1.4 and earlier versions that stems from the fact that deleting a malicious account causes the...
PT-2025-17314 · Unknown · Namelessmc
Name of the Vulnerable Software and Affected Versions: NamelessMC versions prior to 2.1.4 Description: The issue is related to SQL injection by providing an unexpected square bracket GET parameter syntax. This syntax refers to the structure ?param0=a¶m1=b¶m2=c utilized by PHP, which is...
PT-2025-17308 · Unknown · Namelessmc
Name of the Vulnerable Software and Affected Versions: NamelessMC versions 2.1.4 and prior Description: The issue concerns a lack of length validation for the s parameter in GET requests for the forum search functionality, allowing attackers to submit excessively long search queries. This can lea...
PT-2025-17311 · Unknown · Namelessmc
Name of the Vulnerable Software and Affected Versions: NamelessMC versions 2.1.4 and prior Description: The issue concerns the forum quick reply feature, specifically the view topic.php endpoint, which lacks a spam prevention mechanism. This allows authenticated users to post replies continuously...
PT-2025-17309 · Unknown · Namelessmc
Name of the Vulnerable Software and Affected Versions: NamelessMC versions 2.1.4 and prior Description: The issue allows an authenticated attacker to perform a UI-based denial of service DoS by injecting oversized iframes that block the forum UI and disrupt normal user interactions. This is...
CVE-2025-22144
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when t...
CVE-2025-22142
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff...
CVE-2025-22142 Cross-site Scripting in NamelessMC
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff...
CVE-2025-22142 Cross-site Scripting in NamelessMC
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff...