174

(URGENT) Lemmy has an XSS vulnerability in the sidebar

posted
by
Avatar
AlternateRoute@lemmy.ca
in
Avatar
main@lemmy.ca
42 comments
hidereport

cross-posted from: https://sh.itjust.works/post/923025

lemmy.world is a victim of an XSS attack right now and the hacker simply injected a JavaScript redirection into the sidebar.

It appears the Lemmy backend does not escape HTML in the main sidebar. Not sure if this is also true for community sidebars.

Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments View context
Avatar
TruckBC@lemmy.caM
5 points

While I respect their decision, I believe that’s a over-reaction at this point and we will not be doing that, yet.

permalink
report
parent
reply

Lemmy.ca's Main Community

!main@lemmy.ca

Create post

Welcome to lemmy.ca’s c/main!

Since everyone on lemmy.ca gets subscribed here, this is the place to chat about the goings on at lemmy.ca, support-type items, suggestions, etc.

Announcements can be found at https://lemmy.ca/c/meta

For support related to this instance, use https://lemmy.ca/c/lemmy_ca_support

Community stats

  • 87

    Monthly active users

  • 230

    Posts

  • 2.8K

    Comments

Community moderators