NamelessMC Reflected Cross-Site Scripting Vulnerability in User Queries Endpoint

Vulnerability

A reflected cross-site scripting vulnerability has been identified in NamelessMC version 2.2.4. The issue arises in the 'id' parameter of the '/index.php?route=/queries/user/' endpoint, where user-supplied input is reflected in the HTML response without adequate sanitization or output encoding. This allows attackers to craft malicious URLs containing JavaScript, which, when accessed by victims, executes in their browsers within the context of the vulnerable application. Such exploitation could lead to session hijacking, phishing attacks, or manipulation of page content. The vulnerability has been patched in version 2.2.5.

Impact

Exploitation allows for the execution of arbitrary JavaScript in the victim's browser, with potential consequences including session cookie theft, phishing attacks, and DOM manipulation of the vulnerable application.

Reproduction

To reproduce this vulnerability, send a GET request to '/index.php?route=/queries/user/' with a crafted 'id' parameter that includes JavaScript payloads, such as an 'onerror' event handler. The injected script will execute in the context of the application, demonstrating the cross-site scripting vulnerability.

Remediation

Users can upgrade to NamelessMC version 2.2.5 to address this vulnerability.
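
As a check for requests that reached the endpoint before the upgrade, the following added example (not NamelessMC code and not part of the original advisory) scans web access logs for requests to the user queries route whose 'id' value is not a plain integer. It assumes legitimate 'id' values are numeric and that logs use the common/combined access-log format. The sample lines are constructed and the function name is hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [02/Jun/2026:14:01:10 +0000] "GET /index.php?route=/queries/user/&id=42 HTTP/1.1" 200 512
203.0.113.9 - - [02/Jun/2026:14:02:31 +0000] "GET /index.php?route=/queries/user/&id=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 640
198.51.100.7 - - [02/Jun/2026:14:03:02 +0000] "GET /index.php?route=/forum/&id=7 HTTP/1.1" 200 2048
198.51.100.7 - - [02/Jun/2026:14:03:40 +0000] "GET /index.php?route=%2Fqueries%2Fuser%2F&id=1%20onerror HTTP/1.1" 200 530
"""

# Client address and request target from a common/combined log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_ROUTE = "/queries/user"
# Assumption: a legitimate 'id' is an ASCII integer.
NUMERIC_ID = re.compile(r"[0-9]+")


def suspicious_requests(log_text):
    """Return (client, decoded_id) for requests to the user queries route
    whose 'id' parameter is anything other than a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/index.php"):
            continue
        # parse_qs percent-decodes, so encoded routes and values are compared decoded.
        params = parse_qs(parts.query, keep_blank_values=True)
        routes = [r.rstrip("/") for r in params.get("route", [])]
        if TARGET_ROUTE not in routes:
            continue
        for value in params.get("id", []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client}\tid={value!r}")
```

A hit only shows that a non-numeric 'id' was requested; whether it was reflected depends on the version running at the time of the request.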

Added: Jun 2, 2026, 2:26 PM
Updated: Jun 2, 2026, 2:26 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 1.7
exploitability: 7.7
remediation: 7.7
relevance: 9.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.