Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

namelessmc — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting namelessmc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

NamelessMC is a free, open-source Minecraft server management panel designed to simplify server administration through a web interface. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS) attacks, and privilege escalation flaws, contributing to its 13 CVE records. The platform's security has been compromised through improper input validation and insufficient access controls, with incidents often allowing attackers to execute arbitrary commands or gain unauthorized administrative access. Despite these vulnerabilities, its core functionality remains focused on providing server owners with tools for player management, plugin installation, and server configuration through an accessible web-based dashboard.

Top products by namelessmc: Nameless namelessmc/nameless
CVE IDTitleCVSSSeverityPublished
CVE-2025-54117 NamelessMC allows Stored Cross-Site Scripting (XSS) in dashboard text editor — NamelessCWE-80 9.1 Critical2025-08-18
CVE-2025-54421 NamelessMC allows Stored Cross Site Scripting (XSS) in SEO component — NamelessCWE-79 7.2 High2025-08-18
CVE-2025-54118 NamelessMC allows sensitive information disclosure in member list component — NamelessCWE-200 5.3 Medium2025-08-18
CVE-2025-32389 NamelessMC Vulnerable to SQL Injections in /user/messaging and /panel/users/reports Pages — NamelessCWE-89 9.8 -2025-04-18
CVE-2025-31120 NamelessMC Vulnerable to Cookie-Based View Count Manipulation — NamelessCWE-565 5.3 Medium2025-04-18
CVE-2025-31118 NamelessMC Has Forum Reply Submission Time Limit Bypass — NamelessCWE-400 7.1 High2025-04-18
CVE-2025-30357 NamelessMC Forum Topic Deletion Triggered by Unrelated User Deletion — NamelessCWE-706 7.3 High2025-04-18
CVE-2025-30158 NamelessMC Forum iframe width/height abuse causing UI-based Denial of Service — NamelessCWE-400 7.1 High2025-04-18
CVE-2025-29784 NamelessMC Has Lack of Length Validation for s Parameter in GET Requests — NamelessCWE-130 7.5 High2025-04-18
CVE-2025-22142 Cross-site Scripting in NamelessMC — NamelessCWE-79 6.1 -2025-01-13
CVE-2025-22144 Account Takeover in NamelessMC — NamelessCWE-610 8.1 -2025-01-13
CVE-2022-2820 Session Fixation in namelessmc/nameless — namelessmc/namelessCWE-384 7.0 High2022-08-15
CVE-2022-2821 Missing Critical Step in Authentication in namelessmc/nameless — namelessmc/namelessCWE-304 7.5 -2022-08-15

This page lists every published CVE security advisory associated with namelessmc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.