(URGENT) Lemmy has an XSS vulnerability in the sidebar - eviltoast

cross-posted from: https://sh.itjust.works/post/923025

lemmy.world is a victim of an XSS attack right now and the hacker simply injected a JavaScript redirection into the sidebar.

It appears the Lemmy backend does not escape HTML in the main sidebar. Not sure if this is also true for community sidebars.
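The fix for the bug described in the post is output encoding at the point where sidebar text is put into HTML. Below is an added example, not Lemmy's own code: a vulnerable render beside a hardened one, plus a check an instance admin could run over stored sidebar text to spot injected active content. The render functions, the pattern list and the sample sidebar strings are all constructed for this illustration.

```javascript
// Map of characters that can break out of an HTML text node.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Contextual output encoding for HTML text: the browser will show these
// characters literally instead of parsing them as tags, attributes or entities.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable rendering (constructed): untrusted sidebar text is concatenated
// straight into markup, so any tags it contains become live DOM.
function renderSidebarUnsafe(sidebarText) {
  return `<aside class="sidebar">${sidebarText}</aside>`;
}

// Hardened rendering: same markup, but the untrusted text is encoded first.
function renderSidebarSafe(sidebarText) {
  return `<aside class="sidebar">${escapeHtml(sidebarText)}</aside>`;
}

// Audit patterns for a field that should only ever hold formatted text.
// This is a detection aid for reviewing stored data; it does not replace
// output encoding, which is the actual fix.
const ACTIVE_CONTENT = [
  /<\s*script\b/i,                 // script element
  /\bon[a-z]+\s*=/i,               // inline event-handler attribute
  /javascript\s*:/i,               // javascript: URL scheme
  /<\s*(iframe|object|embed)\b/i,  // embedded active content
];

// Returns the source of every pattern that matches the stored sidebar text.
function findActiveContent(sidebarText) {
  return ACTIVE_CONTENT.filter((re) => re.test(sidebarText)).map((re) => re.source);
}

// Constructed samples: a sidebar carrying a script redirect, and a clean one.
const TAMPERED_SIDEBAR = 'Welcome!<script>location.href="https://example.invalid/"</script>';
const CLEAN_SIDEBAR = "Welcome! Rules: be kind & cite sources.";

console.log("unsafe:", renderSidebarUnsafe(TAMPERED_SIDEBAR));
console.log("safe:  ", renderSidebarSafe(TAMPERED_SIDEBAR));
console.log("audit hits:", findActiveContent(TAMPERED_SIDEBAR));
```

Run the audit over every stored sidebar (site and community) to find ones already tampered with; the encoded render shows the redirect arriving at the browser as inert text.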

    • P03 Locke@lemmy.dbzer0.com · ▲ 2 · 1 year ago

      No, this shit is embarrassing. Nobody should be hit by Bobby Tables.

      Lemmy leadership needs to re-think their priorities. They’ve entered the big leagues and are still pretending they are in the kid’s sandbox.