CVE-2022-23543

Summary

Silverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos, the site will generate related <iframe> when the post will be published. The handler has some sort of protection so non-YouTube links can't be posted, as well as HTML tags are being stripped. However, it was still possible to add custom HTML attributes (e.g. onclick=alert("xss")) to the <iframe>'. This issue was fixed in the version 1.1.34` and does not require any extra actions from our members. There has been no evidence that this vulnerability was used by anyone at this time.

Affected Software

VendorProductVersion RangeStatus
mesosoisilverwaregames-io-issue-tracker< 1.1.34affected

Weaknesses

  • CWE-80: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References