Mesosoi

**Name of the Vulnerable Software and Affected Versions** Silverware Games versions prior to 1.3.6 **Description** The issue concerns the Password Recovery form in Silverware Games, a premium social network for online gaming. Prior to version 1.3.6, the form would indicate whether an email address is associated with a site member by throwing an error if the email was not found in the database. This behavior allowed potential attackers to determine if a specific email address is linked to a user account. Since version 1.3.6, the form always returns the "Enter the code" page, displaying a message that a code will be sent if the email is associated with an account, thus preventing attackers from identifying email addresses linked to user accounts. **Recommendations** For versions prior to 1.3.6, update to version 1.3.6 or later to prevent potential violators from determining if the site has a user with a specified email.

**Name of the Vulnerable Software and Affected Versions** SilverwareGames.io versions prior to 1.2.19 **Description** The issue allows users with access to the game upload panel to edit download links for games uploaded by other developers. This has been fixed in version 1.2.19. **Recommendations** For versions prior to 1.2.19, update to version 1.2.19 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Silverware Games versions prior to 1.1.34 **Description** The issue concerns a social network where users can play games online and attach URLs to YouTube videos. When a post is published, the site generates a related `<iframe>`. Although the handler has protection against non-YouTube links and strips HTML tags, it was still possible to add custom HTML attributes, such as `onclick=alert("xss")`, to the `<iframe>`. There is no evidence that this issue was exploited. **Recommendations** For versions prior to 1.1.34, update to version 1.1.34 to resolve the issue. As a temporary workaround, consider restricting the ability to add custom HTML attributes to the `<iframe>` until the update is applied.

**Name of the Vulnerable Software and Affected Versions** SilverwareGames.io versions 1.1.8 and prior **Description** SilverwareGames.io is a social network for users to play video games online. Due to an unobvious feature of PHP, hashes generated by built-in functions and starting with the `0e` symbols were being handled as zero multiplied with the `e` number, resulting in a hash value equal to 0. The issue was fixed by using `===` instead of `==` in comparisons, such as on sign in/sign up handlers. **Recommendations** For versions 1.1.8 and prior, update to version 1.1.9 or later, which uses `===` instead of `==` in comparisons to resolve the issue. As a temporary workaround, consider modifying the comparison operators in the affected code to use `===` for stricter type checking, until a formal update can be applied.