📦 Nameless

A stored cross-site scripting (XSS) vulnerability in NamelessMC's dashboard text editor allows authenticated attackers to inject malicious scripts that execute in victims' browsers. This affects all N...

This vulnerability in NamelessMC allows attackers with admincp.core.emails or admincp.users.edit permissions to reset user passwords and take over accounts. When accounts are manually validated by pri...

This cross-site scripting (XSS) vulnerability in NamelessMC allows authenticated attackers to inject malicious scripts into web pages via the default_keywords parameter. Attackers can steal session co...

NamelessMC versions 2.1.4 and earlier have a vulnerability in forum search functionality where the 's' parameter in GET requests lacks length validation. Attackers can submit excessively long search q...

In NamelessMC versions 2.1.4 and earlier, when an administrator deletes a spammer's account, all posts by that user are deleted along with entire discussion topics created by other users. This affects...

This vulnerability allows unauthenticated attackers to artificially inflate forum view counts in NamelessMC. The insecure mechanism relies on client-side cookies to track views, so requests without th...

This is a stored cross-site scripting (XSS) vulnerability in NamelessMC where administrators can add custom user profile fields that accept JavaScript input. When staff members view affected user prof...