NamelessMC allows Stored Cross-Site Scripting (XSS) in dashboard text editor

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the dashboard text editor component. This vulnerability is fixed in 2.2.4.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)

NamelessMC 安全漏洞

NamelessMC是NamelessMC团队的一款免费、易于使用且功能强大的网站软件。适用于您的 Minecraft 服务器，其中包含大量功能。 NamelessMC 2.2.3之前版本存在安全漏洞，该漏洞源于跨站脚本漏洞，可能导致注入恶意Web脚本或HTML。

N/A

N/A