Filtered by vendor Silverwaregames Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-40182 1 Silverwaregames 1 Silverwaregames 2024-11-21 3.7 Low
Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending of whether the specified email address presents in our database or not. This has been fixed in version 1.3.7.
CVE-2023-40179 1 Silverwaregames 1 Silverwaregames 2024-11-21 5.3 Medium
Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member of the site. Since version 1.3.6, the "Enter the code" form is always returned, showing the message "If the entered email is associated with an account, a code will be sent now". This change prevents potential violators from determining if our site has a user with the specified email.
CVE-2023-29192 1 Silverwaregames 1 Silverwaregames 2024-11-21 2.7 Low
SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download links for games uploaded by other developers. This has been fixed in version 1.2.19.
CVE-2022-36072 1 Silverwaregames 1 Silverwaregames 2024-11-21 5.9 Medium
SilverwareGames.io is a social network for users to play video games online. In version 1.1.8 and prior, due to an unobvious feature of PHP, hashes generated by built-in functions and starting with the `0e` symbols were being handled as zero multiplied with the `e` number. Therefore, the hash value was equal to 0. The maintainers fixed this in version 1.1.9 by using `===` instead of `==` in comparisons where it is possible (e.g. on sign in/sign up handlers).
CVE-2022-23543 1 Silverwaregames 1 Silverwaregames 2024-11-21 6.3 Medium
Silverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos, the site will generate related `<iframe>` when the post will be published. The handler has some sort of protection so non-YouTube links can't be posted, as well as HTML tags are being stripped. However, it was still possible to add custom HTML attributes (e.g. `onclick=alert("xss")`) to the `<iframe>'. This issue was fixed in the version `1.1.34` and does not require any extra actions from our members. There has been no evidence that this vulnerability was used by anyone at this time.