Nameless Security Vulnerabilities and Issues — Nameless CVE List

Lucene search

NamelessmcNameless

10 matches found

CVE•added 2025/04/18 4:15 p.m.•65 views

CVE-2025-30357

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator de...

7.3CVSS7.2AI score0.00058EPSS

CVE•added 2025/04/18 4:15 p.m.•52 views

CVE-2025-31118

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction, re...

7.1CVSS6.9AI score0.00059EPSS

CVE•added 2025/04/18 4:15 p.m.•51 views

CVE-2025-31120

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application relies on a client-side cookie (nl-topic-[t...

5.3CVSS5.4AI score0.00063EPSS

CVE•added 2022/08/15 11:21 a.m.•50 views

CVE-2022-2820

Session Fixation in GitHub repository namelessmc/nameless prior to v2.0.2.

8.2CVSS7.5AI score0.00077EPSS

CVE•added 2025/04/18 4:15 p.m.•47 views

CVE-2025-29784

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to performan...

7.5CVSS7.5AI score0.00154EPSS

CVE•added 2025/04/18 4:15 p.m.•46 views

CVE-2025-30158

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attributes. This allows an authenticated attacker to...

7.1CVSS6.8AI score0.00059EPSS

CVE•added 2025/04/18 4:15 p.m.•46 views

CVE-2025-32389

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure ?param[0]=a&param[1]=b&p...

8.6CVSS8.1AI score0.00034EPSS

CVE•added 2025/01/13 8:15 p.m.•39 views

CVE-2025-22144

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when the...

9.8CVSS6.8AI score0.00088EPSS

CVE•added 2022/08/15 11:21 a.m.•38 views

CVE-2022-2821

Missing Critical Step in Authentication in GitHub repository namelessmc/nameless prior to v2.0.2.

9.8CVSS7.8AI score0.00118EPSS

CVE•added 2025/01/13 8:15 p.m.•36 views

CVE-2025-22142

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff pa...

6.3CVSS6.7AI score0.00041EPSS