eatham@sh.itjust.works to

MetaEnglish · 2 years ago

(URGENT) Lemmy has an XSS vulnerability in the sidebar - sh.itjust.works

sh.itjust.works

23

(URGENT) Lemmy has an XSS vulnerability in the sidebar - sh.itjust.works

sh.itjust.works

eatham@sh.itjust.works to

MetaEnglish · 2 years ago

lemmy.world is a victim of an XSS attack right now and the hacker simply injected a JavaScript redirection into the sidebar. It appears the Lemmy backend does not escape HTML in the main sidebar. Not sure if this is also true for community sidebars. [https://sh.itjust.works/pictrs/image/707c0f16-3d5c-4888-b865-34228d968ee6.png]

https://sh.itjust.works/post/923025

Chat

Aesecakes
link
fedilink
English
arrow-up
2·
2 years ago
Thank you, that worked!
- Lodion 🇦🇺MA
  link
  fedilink
  English
  arrow-up
  3·
  2 years ago
  Excellent 🙂
  - cuppaconcrete
    link
    fedilink
    English
    arrow-up
    1·
    2 years ago
    You are one of the best admins I’ve met in my coupla decades of internet usage. I love ya work mate and if you ever want a hand from a fellow sysadmin hit me up.
    - Lodion 🇦🇺MA
      link
      fedilink
      English
      arrow-up
      2·
      2 years ago
      aww thanks 😇