PT-2025-4378 · Unknown · Namelessmc

Hicortab · Published 2025-01-13 · Updated 2025-01-14 · CVE-2025-22142

CVSS v4.0: 6.3 (Medium)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

NamelessMC versions prior to 2.1.3

Description

An admin can add an extra field for users to fill out, and users can inject JavaScript code into this field. The code runs when a staffer visits the user's profile on the staff panel, enabling an attacker to execute JavaScript code on the staffer's computer.

Recommendations

For versions prior to 2.1.3, upgrade to version 2.1.3 to resolve the issue. At the moment, there is no information about other workarounds for this issue.

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-22142
GHSA-9Q22-W64P-G8QM

Affected Products

Namelessmc