Known vulnerabilities: Difference between revisions

From Vintage Story Wiki
No edit summary
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
This is a list of known vulnerabilities across all Vintage Story services:
This is a list of known vulnerabilities across all Vintage Story services:


===Wiki===
* [https://wiki.vintagestory.at/index.php?title=Hi_please_go_to_www.evil.com_for_more_information Wiki URL Content Spoofing]
* [https://wiki.vintagestory.at/index.php?title=Hi_please_go_to_www.evil.com_for_more_information Wiki URL Content Spoofing]
===InvisionCommunity===
* User email enumeration through the forget password function
* User email enumeration through the forget password function
* Potential Broken Link Hijacking (we don't check if all linked sites redirect to registered sites)
* Potential Broken Link Hijacking (we don't check if all linked sites redirect to registered sites)
* Malicious site linking - we do not prevent users to link to a malicious site
* EXIF data not filtered for certain image uploads
* Changing email addresses does not invalidate password reset links
* Missing DMARC record for emails

Latest revision as of 10:54, 13 May 2024

This is a list of known vulnerabilities across all Vintage Story services:

Wiki

InvisionCommunity

  • User email enumeration through the forget password function
  • Potential Broken Link Hijacking (we don't check if all linked sites redirect to registered sites)
  • Malicious site linking - we do not prevent users to link to a malicious site
  • EXIF data not filtered for certain image uploads
  • Changing email addresses does not invalidate password reset links
  • Missing DMARC record for emails