CVE-2025-30158

Name of the Vulnerable Software and Affected Versions NamelessMC versions 2.1.4 and prior

Description The issue allows an authenticated attacker to perform a UI-based denial of service (DoS) by injecting oversized iframes that block the forum UI and disrupt normal user interactions. This occurs because the forum does not restrict the width and height attributes of iframe elements posted by users.

Recommendations For versions 2.1.4 and prior, update to version 2.2.0 to resolve the issue. As a temporary workaround, consider restricting the use of iframe elements in forum posts to minimize the risk of exploitation.