{"id":"CVE-2022-23543","summary":"HTML attributes when attaching a YouTube link to the post","details":"Silverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos, and the site generates a related `\u003ciframe\u003e` when the post is published. The handler has some protection so that non-YouTube links can't be posted, and HTML tags are stripped. However, it was still possible to add custom HTML attributes (e.g. `onclick=alert(\"xss\")`) to the `\u003ciframe\u003e`. This issue was fixed in version `1.1.34` and does not require any extra actions from our members. There has been no evidence that this vulnerability was used by anyone at this time.","modified":"2026-05-04T08:43:03.625120494Z","published":"2022-12-19T21:30:09.836Z","withdrawn":"2026-05-04T08:38:11.324121Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23543.json","cwe_ids":["CWE-80"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23543.json"},{"type":"ADVISORY","url":"https://github.com/mesosoi/silverwaregames-io-issue-tracker/security/advisories/GHSA-62r9-4v3r-rw89"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23543"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.34"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23543.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}]}