HIGH🇬🇧 English

CVE-2025-30158

CVSS 7.1v3.1pub. 2025-04-18upd. 2025-05-13

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attributes. This allows an authenticated attacker to perform a UI-based denial of service (DoS) by injecting oversized iframes that block the forum UI and disrupt normal user interactions. This issue has been patched in version 2.2.0.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
  • Namelessmc Nameless

    APP
    Namelessmc
    < 2.2.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2025-54117CRITICAL9.0PL ✓ten sam produkt

XSS w edytorze tekstu panelu administracyjnego NamelessMC

CVE-2025-22144CRITICAL9.0PL ✓ten sam produkt

NamelessMC — przejęcie konta przez pusty kod resetowania hasła

CVE-2025-54421HIGH7.2ten sam produkt

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS...

CVE-2025-31118HIGH7.1ten sam produkt

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prio...

CVE-2025-29784HIGH7.5ten sam produkt

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prio...