173

(URGENT) Lemmy has an XSS vulnerability in the sidebar

posted
by
Avatar
AlternateRoute@lemmy.ca
in
Avatar
main@lemmy.ca
43 comments
hidereport

cross-posted from: https://sh.itjust.works/post/923025

lemmy.world is a victim of an XSS attack right now and the hacker simply injected a JavaScript redirection into the sidebar.

It appears the Lemmy backend does not escape HTML in the main sidebar. Not sure if this is also true for community sidebars.

Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments
Avatar
uhvayga@kbin.social
3 points
Deleted by creator
permalink
report
reply

Lemmy.ca's Main Community

!main@lemmy.ca

Create post

Welcome to lemmy.caā€™s c/main!

Since everyone on lemmy.ca gets subscribed here, this is the place to chat about the goings on at lemmy.ca, support-type items, suggestions, etc.

Announcements can be found at https://lemmy.ca/c/meta

For support related to this instance, use https://lemmy.ca/c/lemmy_ca_support

Community stats

  • 136

    Monthly active users

  • 187

    Posts

  • 2.2K

    Comments

Community moderators