Lucene search

CVE-2023-27472

🗓️ 06 Mar 2023 19:10:15Reported by [email protected]Type

quickentity-editor-next open source system local video game asset editor, allows arbitrary code execution, HTML tags not sanitise

Reporter	Title	Published	Views	Family All 5
OSV	CVE-2023-27472	6 Mar 202319:15	–	osv
CVE	CVE-2023-27472	6 Mar 202319:15	–	cve
Prion	Design/Logic Flaw	6 Mar 202319:15	–	prion
Vulnrichment	CVE-2023-27472 HTML tags in entity names in the tree view are not sanitised in quickentity-editor-next	6 Mar 202318:12	–	vulnrichment
Cvelist	CVE-2023-27472 HTML tags in entity names in the tree view are not sanitised in quickentity-editor-next	6 Mar 202318:12	–	cvelist

Nvd

Node

quickentity_editor_project quickentity_editorRange<1.28.1

Source	Link
github	www.github.com/atampy25/quickentity-editor-next/commit/5303b45a20a6e4e9318729b8dd7bbf09b37b369d
github	www.github.com/atampy25/quickentity-editor-next/security/advisories/GHSA-22gc-rq5x-fxpw

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 Mar 2023 19:15Current

8.4High risk

Vulners AI Score8.4

CVSS36.1

EPSS0.00063

CWE-79

quickentity-editor-next open-source system-local video-game asset-editor html-tags not-sanitised xss-vulnerability arbitrary-code-execution browser-sandbox patch upgrade vulnerability