CVE-2022-23543

Name of the Vulnerable Software and Affected Versions Silverware Games versions prior to 1.1.34

Description The issue concerns a social network where users can play games online and attach URLs to YouTube videos. When a post is published, the site generates a related <iframe>. Although the handler has protection against non-YouTube links and strips HTML tags, it was still possible to add custom HTML attributes, such as onclick=alert("xss"), to the <iframe>. There is no evidence that this issue was exploited.

Recommendations For versions prior to 1.1.34, update to version 1.1.34 to resolve the issue. As a temporary workaround, consider restricting the ability to add custom HTML attributes to the <iframe> until the update is applied.