Known vulnerabilities: Difference between revisions
From Vintage Story Wiki
No edit summary
Line 9: | Line 9: | ||
* EXIF data not filtered for certain image uploads | * EXIF data not filtered for certain image uploads | ||
* Changing email addresses does not invalidate password reset links | * Changing email addresses does not invalidate password reset links | ||
* Missing DMARC record for emails |
Latest revision as of 10:54, 13 May 2024
This is a list of known vulnerabilities across all Vintage Story services:
Wiki
InvisionCommunity
- User email enumeration through the forgot password function
- Potential Broken Link Hijacking (we don't check if all linked sites redirect to registered sites)
- Malicious site linking - we do not prevent users from linking to a malicious site
- EXIF data not filtered for certain image uploads
- Changing email addresses does not invalidate password reset links
- Missing DMARC record for emails