{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-18T20:19:37.656","vulnerabilities":[{"cve":{"id":"CVE-2025-22142","sourceIdentifier":"security-advisories@github.com","published":"2025-01-13T20:15:29.677","lastModified":"2026-06-17T08:45:18.663","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff panel. As a result an attacker can execute javascript code on the staffer's computer. This issue has been addressed in version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"NamelessMC es un software de sitios web gratuito, fácil de usar y potente para servidores de Minecraft. En las versiones afectadas, un administrador puede agregar la capacidad de que los usuarios completen un campo adicional y los usuarios pueden inyectar código javascript en él que se activaría una vez que un miembro del personal visite el perfil del usuario en el panel del personal. Como resultado, un atacante puede ejecutar código javascript en la ordenador del miembro del personal. Este problema se ha solucionado en la versión 2.1.3 y se recomienda a todos los usuarios que actualicen. No se conocen Workarounds para esta vulnerabilidad."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"NamelessMC","product":"Nameless","versions":[{"version":"<= 2.1.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-13T20:06:38.399802Z","id":"CVE-2025-22142","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:namelessmc:nameless:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.3","matchCriteriaId":"4402A4C5-43C3-4436-B207-1374812080DD"}]}]}],"references":[{"url":"https://github.com/NamelessMC/Nameless/releases/tag/v2.1.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/NamelessMC/Nameless/security/advisories/GHSA-9q22-w64p-g8qm","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/NamelessMC/Nameless/security/advisories/GHSA-9q22-w64p-g8qm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}