CVE-2023-27472

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-27472
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27472.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-27472
Related
  • GHSA-22gc-rq5x-fxpw
Published
2023-03-06T19:15:10Z
Modified
2025-01-15T04:48:24.275353Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

quickentity-editor-next is an open source, system-local video game asset editor. In affected versions, HTML tags in entity names are not sanitised (XSS vulnerability). This allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag in any entity name. This issue has been patched in version 1.28.1 of the application. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/atampy25/quickentity-editor-next

Affected ranges

Type
GIT
Repo
https://github.com/atampy25/quickentity-editor-next
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

1.*

1.0.0
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.10.5
1.10.6
1.11.0
1.12.0
1.12.1
1.12.2
1.12.3
1.12.4
1.13.0
1.13.1
1.13.2
1.14.0
1.14.1
1.14.2
1.14.3
1.14.4
1.14.5
1.14.6
1.15.0
1.15.1
1.15.2
1.15.3
1.16.0
1.17.0
1.17.1
1.17.2
1.17.3
1.17.4
1.17.5
1.17.6
1.17.7
1.17.8
1.18.0
1.18.1
1.18.2
1.18.3
1.18.4
1.19.0
1.2.0
1.20.0
1.20.1
1.21.0
1.22.0
1.22.1
1.22.2
1.23.0
1.24.0
1.24.1
1.24.2
1.24.3
1.24.4
1.24.5
1.24.6
1.24.7
1.24.8
1.25.0
1.25.1
1.25.2
1.26.0
1.27.0
1.27.1
1.27.2
1.27.3
1.27.4
1.27.5
1.27.6
1.27.7
1.28.0
1.3.0
1.3.1
1.4.0
1.4.1
1.4.2
1.4.3
1.5.0
1.5.1
1.5.2
1.5.3
1.6.0
1.6.1
1.6.2
1.6.3
1.7.0
1.8.0
1.8.1
1.9.0
1.9.1