Yuhano

**Name of the Vulnerable Software and Affected Versions** NamelessMC versions 2.1.4 and prior **Description** The issue concerns a lack of length validation for the `s` parameter in GET requests for forum search functionality, potentially leading to performance degradation and denial-of-service (DoS) attacks. **Recommendations** For versions 2.1.4 and prior, update to version 2.2.0 to resolve the issue. As a temporary workaround, consider restricting the length of the `s` parameter in GET requests to prevent excessively long search queries.

**Name of the Vulnerable Software and Affected Versions** NamelessMC versions 2.1.4 and prior **Description** The issue concerns the forum quick reply feature, which does not implement any spam prevention mechanism in the affected versions. This allows authenticated users to continuously post replies without any time restriction, resulting in an uncontrolled surge of posts that can disrupt normal operations. **Recommendations** For versions 2.1.4 and prior, update to version 2.2.0 to resolve the issue. As a temporary workaround, consider restricting access to the `view topic.php` endpoint or implementing custom spam prevention measures until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** NamelessMC versions 2.1.4 and prior **Description** The issue concerns an insecure view count mechanism in the forum page of NamelessMC, a free website software for Minecraft servers. This mechanism relies on a client-side cookie (`nl-topic-[tid]`) or a session variable for guests to determine if a view should be counted. When a client does not provide the cookie, every page request increments the counter, leading to incorrect view metrics. **Recommendations** For versions 2.1.4 and prior, update to version 2.2.0 to resolve the issue.