← Zuruck zu CVEs
CVE-2023-27472
HIGH8.2
Beschreibung
quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised (XSS vulnerability). Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag in any entity name. This issue has been patched in version 1.28.1 of the application. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE Details
CVSS v3.1 Bewertung8.2
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht3/6/2023
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
quickentity_editor_project:quickentity_editor
Schwachen (CWE)
CWE-79
Referenzen
https://github.com/atampy25/quickentity-editor-next/commit/5303b45a20a6e4e9318729b8dd7bbf09b37b369d(security-advisories@github.com)
https://github.com/atampy25/quickentity-editor-next/security/advisories/GHSA-22gc-rq5x-fxpw(security-advisories@github.com)
https://github.com/atampy25/quickentity-editor-next/commit/5303b45a20a6e4e9318729b8dd7bbf09b37b369d(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/atampy25/quickentity-editor-next/security/advisories/GHSA-22gc-rq5x-fxpw(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.