CVE-2022-23543 Information

Description

Silverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos the site will generate related <iframe> when the post will be published. The handler has some sort of protection so non-YouTube links can’t be posted as well as HTML tags are being stripped. However it was still possible to add custom HTML attributes (e.g. onclick=alert(ss\)) to the <iframe>'. This issue was fixed in the version 1.1.34` and does not require any extra actions from our members. There has been no evidence that this vulnerability was used by anyone at this time.

Reference

https://github.com/mesosoi/silverwaregames-io-issue-tracker/security/advisories/GHSA-62r9-4v3r-rw89