CVE Vulnerability

CVE-2022-23543

Silverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos, the site will generate related `` when the post will be published. The handler has some sort of protection so non-YouTube links can't be posted, as well as HTML tags are being stripped. However, it was still possible to add custom HTML attributes (e.g. `onclick=alert("xss")`) to the `'. This issue was fixed in the version `1.1.34` and does not require any extra actions from our members. There has been no evidence that this vulnerability was used by anyone at this time.

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/mesosoi/silverwaregames-io-issue-tracker/security/advisories/GHSA-62r9-4v3r-rw89 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:silverwaregames:silverwaregames:*:*:*:*:*:*:*:*
Information

Published : 2022-12-19 10:15

Updated : 2022-12-27 06:57

NVD link : CVE-2022-23543

Mitre link : CVE-2022-23543

Products Affected
No products.
CWE
CWE-79