PT-2023-21150 · Unknown · Quickentity-Editor-Next
Atampy25 · Published 2023-03-06 · Updated 2023-03-11
| CVE | CVE-2023-27472 |
| CVSS v3.1 | 8.2 (High) |
| Vector | AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
quickentity-editor-next versions prior to 1.28.1
Description
The affected software is an open source, locally run video game asset editor. In affected versions, HTML tags in entity names are not sanitized before being rendered, which results in an XSS vulnerability. Merely loading a file that contains a script tag in any entity name allows arbitrary code execution within the browser sandbox, among other effects.
Recommendations
For versions prior to 1.28.1, upgrade to version 1.28.1 to resolve the issue. As a temporary workaround, consider avoiding the use of HTML tags in entity names until the upgrade is applied. Restrict access to files that may contain script tags in entity names to minimize the risk of exploitation.
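To make the description and the workaround concrete, here is an added illustration (not code from quickentity-editor-next itself) that assumes a minimal entity file shape of `{ entities: { id: { name } } }`: an unsanitized render beside an escaped one, plus a check that lists entity names carrying markup in a loaded file.

```javascript
// Added illustration, not code from quickentity-editor-next.
// Assumed (hypothetical) file shape: { entities: { "<id>": { name: string } } }.

// Escape the five characters that change meaning when text is interpolated into HTML.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// "Before": the entity name is concatenated straight into markup, so any tag in it
// is parsed by the browser as HTML. This is the class of bug the advisory describes.
function renderEntityRowUnsafe(id, entity) {
  return `<li data-id="${id}">${entity.name}</li>`;
}

// "After": every interpolated value is escaped, so the name is shown as literal text.
// Assigning the name via textContent instead of innerHTML achieves the same result.
function renderEntityRowSafe(id, entity) {
  return `<li data-id="${escapeHtml(id)}">${escapeHtml(entity.name)}</li>`;
}

// Workaround check: report entity names that contain markup so a file can be
// reviewed before it is opened in a version prior to 1.28.1.
const TAG_RE = /<\/?[a-zA-Z][^>]*>/;
function entitiesWithMarkup(file) {
  return Object.entries(file.entities)
    .filter(([, entity]) => TAG_RE.test(entity.name))
    .map(([id, entity]) => ({ id, name: entity.name }));
}

// Constructed sample file: one benign name and one carrying a script tag.
const sampleFile = {
  entities: {
    feed0001: { name: "Door Hinge" },
    feed0002: { name: "<script>alert(1)</script>Crate" },
  },
};

console.log("flagged:", entitiesWithMarkup(sampleFile));
console.log("safe row:", renderEntityRowSafe("feed0002", sampleFile.entities.feed0002));
```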
Exploit
Fix
XSS
Weakness Enumeration
Related identifiers
Affected products
Quickentity-Editor-Next