Description
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to post replies continuously without any time restriction, resulting in an uncontrolled surge of posts that can disrupt normal operations. This issue has been patched in version 2.2.0.
References (3)
Exploit, Vendor Advisory (x_refsource_confirm): https://github.com/NamelessMC/Nameless/security/advisories/GHSA-jhvp-mwj4-922m
Patch (x_refsource_misc): https://github.com/NamelessMC/Nameless/commit/51e9d93aaa28d40f060b807533d22b768abea207
Release Notes (x_refsource_misc): https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0
Scores
CVSS v3: 7.1
EPSS: 0.0039
EPSS Percentile: 60.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-400
Status: published
Products (1): namelessmc/nameless < 2.2.0
Published: Apr 18, 2025
Tracked Since: Feb 18, 2026