MEDIUMπŸ‡΅πŸ‡± Wersja polska

CVE-2022-23543

CVSS 6.3v3.1pub. 2022-12-19upd. 2024-11-21

Silverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos, the site will generate related `<iframe>` when the post will be published. The handler has some sort of protection so non-YouTube links can't be posted, as well as HTML tags are being stripped. However, it was still possible to add custom HTML attributes (e.g. `onclick=alert("xss")`) to the `<iframe>'. This issue was fixed in the version `1.1.34` and does not require any extra actions from our members. There has been no evidence that this vulnerability was used by anyone at this time.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • Silverwaregames

    APP
    Silverwaregames
    < 1.1.34
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2023-40179MEDIUM5.3ten sam produkt

Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the P...

CVE-2022-36072MEDIUM5.9ten sam produkt

SilverwareGames.io is a social network for users to play video games online. In version 1.1.8 and prior, due t...

CVE-2023-40182LOW3.7ten sam produkt

Silverware Games is a premium social network where people can play games online. When using the Recovery form,...

CVE-2023-29192LOW2.7ten sam produkt

SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download li...

CVE-2022-23543 β€” Silverwaregames β€” MEDIUM β€” CVSS 6.3 | CVEbaza.pl