Vulnerability Information
Vulnerability Title
HTML tags in entity names in the tree view are not sanitised in quickentity-editor-next
Vulnerability Description
quickentity-editor-next is an open source, system local, video game asset editor. In affected versions, HTML tags in entity names are not sanitised (XSS vulnerability). This allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag in any entity name. This issue has been patched in version 1.28.1 of the application. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
Vulnerability Title
QuickEntity Editor cross-site scripting vulnerability
Vulnerability Description
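QuickEntity Editor is a QuickEntity editor by the individual developer atampy25. QuickEntity Editor has a cross-site scripting vulnerability, which stems from HTML tags in entity names not being sanitised.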
CVSS Information
N/A
Vulnerability Type
N/A