{"vulnerability": "CVE-2022-23543", "sightings": [{"uuid": "4f599f9d-e2f1-400a-9eba-c9f9e9bea60e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23543", "type": "seen", "source": "https://t.me/cibsecurity/54935", "content": "\u203c CVE-2022-23543 \u203c\n\nSilverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos, the site will generate related `` when the post will be published. The handler has some sort of protection so non-YouTube links can't be posted, as well as HTML tags are being stripped. However, it was still possible to add custom HTML attributes (e.g. `onclick=alert(\"xss\")`) to the `'. This issue was fixed in the version `1.1.34` and does not require any extra actions from our members. There has been no evidence that this vulnerability was used by anyone at this time.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-20T00:10:48.000000Z"}]}