Known vulnerabilities

From Vintage Story Wiki
Revision as of 06:43, 7 April 2022 by Tyron (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

This is a list of known vulnerabilities across all Vintage Story services:

Wiki

InvisionCommunity

  • User email enumeration through the forget password function
  • Potential Broken Link Hijacking (we don't check if all linked sites redirect to registered sites)
  • Malicious site linking - we do not prevent users to link to a malicious site
  • EXIF data not filtered for certain image uploads
  • Changing email addresses does not invalidate password reset links