Known vulnerabilities: Difference between revisions
From Vintage Story Wiki
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
This is a list of known vulnerabilities across all Vintage Story services: | This is a list of known vulnerabilities across all Vintage Story services: | ||
===Wiki=== | |||
* [https://wiki.vintagestory.at/index.php?title=Hi_please_go_to_www.evil.com_for_more_information Wiki URL Content Spoofing] | * [https://wiki.vintagestory.at/index.php?title=Hi_please_go_to_www.evil.com_for_more_information Wiki URL Content Spoofing] | ||
===InvisionCommunity=== | |||
* User email enumeration through the forget password function | * User email enumeration through the forget password function | ||
* Potential Broken Link Hijacking (we don't check if all linked sites redirect to registered sites) | * Potential Broken Link Hijacking (we don't check if all linked sites redirect to registered sites) | ||
* Malicious site linking - we do not prevent users to link to a malicious site | * Malicious site linking - we do not prevent users to link to a malicious site | ||
* EXIF data not filtered for certain image uploads | * EXIF data not filtered for certain image uploads | ||
* Changing email addresses does not invalidate password reset links | |||
Latest revision as of 06:43, 7 April 2022
This is a list of known vulnerabilities across all Vintage Story services:
Wiki
InvisionCommunity
- User email enumeration through the forget password function
- Potential Broken Link Hijacking (we don't check if all linked sites redirect to registered sites)
- Malicious site linking - we do not prevent users to link to a malicious site
- EXIF data not filtered for certain image uploads
- Changing email addresses does not invalidate password reset links
