- Description
- NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the dashboard text editor component. This vulnerability is fixed in 2.2.4.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- nameless
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-79
- Hype score
- Not currently trending
CVE-2025-54117 NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.3 allows remote… https://t.co/bo0fMOT9Db
@CVEnew
18 Aug 2025
251 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-54117: CRITICAL] Stay secure online with NamelessMC 2.2.4! Update now to patch the XSS vulnerability and protect your Minecraft server website from remote attacks. #Cybersecurity#cve,CVE-2025-54117,#cybersecurity https://t.co/HD7BVYbCM0 https://t.co/oKDoFq3E7S
@CveFindCom
18 Aug 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:namelessmc:nameless:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE24BDD-51F8-4096-A5E5-3394EA4EE64E",
"versionEndExcluding": "2.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]