Known vulnerabilities: Difference between revisions
From Vintage Story Wiki
(4 intermediate revisions by the same user not shown)
Line 1: | Line 1: | ||
This is a list of known vulnerabilities across all Vintage Story services: | This is a list of known vulnerabilities across all Vintage Story services: | ||
===Wiki=== | |||
* [https://wiki.vintagestory.at/index.php?title=Hi_please_go_to_www.evil.com_for_more_information Wiki URL Content Spoofing] | * [https://wiki.vintagestory.at/index.php?title=Hi_please_go_to_www.evil.com_for_more_information Wiki URL Content Spoofing] | ||
===InvisionCommunity=== | |||
* User email enumeration through the forget password function | * User email enumeration through the forget password function | ||
* Potential Broken Link Hijacking (we don't check if all linked sites redirect to registered sites) | * Potential Broken Link Hijacking (we don't check if all linked sites redirect to registered sites) | ||
* Malicious site linking - we do not prevent users to link to a malicious site | |||
* EXIF data not filtered for certain image uploads | |||
* Changing email addresses does not invalidate password reset links | |||
* Missing DMARC record for emails |
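Review bot: the added "Malicious site linking" entry should read "we do not prevent users from linking to a malicious site", and it would be more consistent written in the parenthetical form the existing Broken Link Hijacking entry uses instead of a hyphen separator. The added "EXIF data not filtered for certain image uploads" entry does not say which upload types are affected, and "Missing DMARC record for emails" does not name the sending domain; stating both would make the entries easier to act on and to close out later.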
Latest revision as of 10:54, 13 May 2024
This is a list of known vulnerabilities across all Vintage Story services:
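Wiki
- Wiki URL Content Spoofing: https://wiki.vintagestory.at/index.php?title=Hi_please_go_to_www.evil.com_for_more_information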
InvisionCommunity
- User email enumeration through the forgot-password function
- Potential Broken Link Hijacking (we don't check if all linked sites redirect to registered sites)
- Malicious site linking - we do not prevent users from linking to a malicious site
- EXIF data not filtered for certain image uploads
- Changing email addresses does not invalidate password reset links
- Missing DMARC record for emails