Silverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos, the site will generate related `<iframe>` when the post will be published. The handler has some sort of protection so non-YouTube links can't be posted, as well as HTML tags are being stripped. However, it was still possible to add custom HTML attributes (e.g. `onclick=alert("xss")`) to the `<iframe>'. This issue was fixed in the version `1.1.34` and does not require any extra actions from our members. There has been no evidence that this vulnerability was used by anyone at this time.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LSilverwaregames
APPSilverwaregames< 1.1.34
Related vulnerabilities
Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the P...
SilverwareGames.io is a social network for users to play video games online. In version 1.1.8 and prior, due t...
Silverware Games is a premium social network where people can play games online. When using the Recovery form,...
SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download li...