Lucene search

K
NamelessmcNameless

13 matches found

CVE
CVE
added 2025/04/18 4:15 p.m.66 views

CVE-2025-30357

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator de...

7.3CVSS7.2AI score0.00078EPSS
CVE
CVE
added 2025/04/18 4:15 p.m.53 views

CVE-2025-31118

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction, re...

7.1CVSS6.9AI score0.00076EPSS
CVE
CVE
added 2025/04/18 4:15 p.m.52 views

CVE-2025-31120

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application relies on a client-side cookie (nl-topic-[t...

5.3CVSS5.4AI score0.00091EPSS
CVE
CVE
added 2022/08/15 11:21 a.m.51 views

CVE-2022-2820

Session Fixation in GitHub repository namelessmc/nameless prior to v2.0.2.

8.2CVSS7.5AI score0.00261EPSS
CVE
CVE
added 2025/04/18 4:15 p.m.49 views

CVE-2025-29784

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to performan...

7.5CVSS7.5AI score0.002EPSS
CVE
CVE
added 2025/04/18 4:15 p.m.48 views

CVE-2025-30158

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attributes. This allows an authenticated attacker to...

7.1CVSS6.8AI score0.00134EPSS
CVE
CVE
added 2025/04/18 4:15 p.m.48 views

CVE-2025-32389

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure ?param[0]=a&param[1]=b&p...

8.6CVSS8.1AI score0.00042EPSS
CVE
CVE
added 2022/08/15 11:21 a.m.40 views

CVE-2022-2821

Missing Critical Step in Authentication in GitHub repository namelessmc/nameless prior to v2.0.2.

9.8CVSS7.8AI score0.00278EPSS
CVE
CVE
added 2025/01/13 8:15 p.m.40 views

CVE-2025-22144

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when the...

9.8CVSS6.8AI score0.00111EPSS
Web
CVE
CVE
added 2025/01/13 8:15 p.m.37 views

CVE-2025-22142

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff pa...

6.3CVSS6.7AI score0.0009EPSS
CVE
CVE
added 2025/08/18 4:15 p.m.8 views

CVE-2025-54117

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the dashboard text editor component. This vulnerability is fixed ...

9CVSS5.3AI score0.0004EPSS
CVE
CVE
added 2025/08/18 4:15 p.m.4 views

CVE-2025-54421

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.4 allows remote authenticated attackers to inject arbitrary web script or HTML via the default_keywords crafted parameter. This vulnerability is fix...

7.2CVSS5.3AI score0.00037EPSS
CVE
CVE
added 2025/08/18 4:15 p.m.3 views

CVE-2025-54118

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Sensitive information disclosure in NamelessMC before 2.2.4 allows unauthenticated remote attacker to gain sensitive information such as absolute path of the source code via list parameter. This vulnerability is fi...

5.3CVSS6.6AI score0.00053EPSS