this post was submitted on 10 Jul 2023
19 points (95.2% liked)

Meta (slrpnk.net)


cross-posted from: https://sh.itjust.works/post/923025

lemmy.world is a victim of an XSS attack right now and the hacker simply injected a JavaScript redirection into the sidebar.

It appears the Lemmy backend does not escape HTML in the main sidebar. Not sure if this is also true for community sidebars.
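The cross-posted report above describes the defect as unescaped HTML in the sidebar. The following is an added example written for this page, not Lemmy's own code, that shows the difference between interpolating a user-controlled sidebar string straight into markup and escaping it first. The function names (`escape_html`, `render_sidebar`, `contains_script_tag`) and the sample hostile value are assumptions constructed for the demonstration.

```rust
// Added example (not Lemmy's code): escaping user-controlled sidebar text
// before it is placed into an HTML document, so that injected markup such as
// a <script> redirect is rendered as text rather than executed.

/// Replace the five characters that carry meaning in HTML with entity references.
pub fn escape_html(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for c in input.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#x27;"),
            _ => out.push(c),
        }
    }
    out
}

/// Build the sidebar HTML fragment. `escape == false` models the vulnerable
/// behaviour (raw interpolation); `escape == true` models the fix.
pub fn render_sidebar(sidebar: &str, escape: bool) -> String {
    let body = if escape {
        escape_html(sidebar)
    } else {
        sidebar.to_string()
    };
    format!("<aside class=\"sidebar\">{}</aside>", body)
}

/// Simple check used by the demo: does the fragment still contain a live
/// <script ...> opening tag that a browser would execute?
pub fn contains_script_tag(html: &str) -> bool {
    html.to_ascii_lowercase().contains("<script")
}

fn main() {
    // Constructed sample: a hostile sidebar value of the kind the post describes
    // (a script that redirects the page). The URL is a placeholder.
    let hostile = "<script>window.location = \"https://example.invalid/\"</script>";

    let vulnerable = render_sidebar(hostile, false);
    let hardened = render_sidebar(hostile, true);

    println!("unescaped: {}", vulnerable);
    println!("  live script tag present: {}", contains_script_tag(&vulnerable));
    println!("escaped:   {}", hardened);
    println!("  live script tag present: {}", contains_script_tag(&hardened));
}
```

Escaping is the right default when the sidebar is meant to be plain text. Where the field is Markdown that is rendered to HTML, the rendered output instead needs to pass through an allowlist sanitizer (tags and attributes you permit, everything else dropped), and a Content-Security-Policy without `unsafe-inline` limits what an injected script could do if one slipped through. Invalidating active sessions, as the admin below did, is the matching response once an injection has already been served to users.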

top 3 comments
[–] j_roby@slrpnk.net 8 points 2 years ago (1 children)

I just saw this on my feed. It's above my pay grade, but seemed urgent enough to cross post here

[–] poVoq@slrpnk.net 5 points 2 years ago

I applied the mitigations and invalidated all login tokens.

As far as I can tell slrpnk.net was not directly affected though.