Known vulnerabilities: Difference between revisions
From Vintage Story Wiki
Line 5: | Line 5: | ||
* Potential Broken Link Hijacking (we don't check if all linked sites redirect to registered sites) | * Potential Broken Link Hijacking (we don't check if all linked sites redirect to registered sites) | ||
* Malicious site linking - we do not prevent users to link to a malicious site | * Malicious site linking - we do not prevent users to link to a malicious site | ||
* EXIF data not filtered for certain image uploads |
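Review bot: the added entry "EXIF data not filtered for certain image uploads" does not say which services or upload types are affected, so a reader cannot tell which images may still carry metadata. Consider naming the affected upload paths, following the pattern of the neighbouring entries, which add an explanatory clause ("we don't check ...", "we do not prevent ...").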
Revision as of 10:18, 20 June 2021
This is a list of known vulnerabilities across all Vintage Story services:
- Wiki URL Content Spoofing
- User email enumeration through the forgot password function
- Potential Broken Link Hijacking (we don't check if all linked sites redirect to registered sites)
- Malicious site linking - we do not prevent users from linking to a malicious site
- EXIF data not filtered for certain image uploads