Atampy25

#31351 of 53,635
8.2 CVSS total
Vulnerabilities · 1
PT-2023-21150
8.2
2023-03-06
Unknown · Quickentity-Editor-Next · CVE-2023-27472
**Name of the Vulnerable Software and Affected Versions**
quickentity-editor-next versions prior to 1.28.1

**Description**
The issue concerns an open source, system local, video game asset editor. In affected versions, HTML tags in entity names are not sanitized, leading to an XSS vulnerability. This allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag in any entity name.

**Recommendations**
For versions prior to 1.28.1, upgrade to version 1.28.1 to resolve the issue. As a temporary workaround, consider avoiding the use of HTML tags in entity names until the upgrade is applied. Restrict access to files that may contain script tags in entity names to minimize the risk of exploitation.