{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T06:50:12.142","vulnerabilities":[{"cve":{"id":"CVE-2025-54117","sourceIdentifier":"security-advisories@github.com","published":"2025-08-18T16:15:29.140","lastModified":"2025-08-20T21:23:49.083","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the dashboard text editor component. This vulnerability is fixed in 2.2.4."},{"lang":"es","value":"NamelessMC es un software web gratuito, fácil de usar y potente para servidores de Minecraft. Una vulnerabilidad de Cross-site scripting (XSS) en NamelessMC anterior a la versión 2.2.3 permite a atacantes remotos autenticados inyectar código web o HTML arbitrario a través del editor de texto del panel. Esta vulnerabilidad se corrigió en la versión 2.2.4."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-80"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:namelessmc:nameless:*:*:*:*:*:*:*:*","versionEndExcluding":"2.2.4","matchCriteriaId":"6FE24BDD-51F8-4096-A5E5-3394EA4EE64E"}]}]}],"references":[{"url":"https://github.com/NamelessMC/Nameless/commit/0e77706b2966dd9f2e30502126d6581ecc001f09","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/NamelessMC/Nameless/security/advisories/GHSA-gp3j-j84w-vqxx","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}