Update to the lemmy.world hack, blahaj also hacked, maybe huge lemmy exploit?

sh.itjust.works (URGENT) Lemmy has an XSS vulnerability in the tagline, the sidebar and in the legal information field - sh.itjust.works

# DO NOT OPEN THE “LEGAL” PAGE — lemmy.world is a victim of an XSS attack right now and the hacker simply injected a JavaScript redirection into the sidebar. It appears the Lemmy backend does not escape HTML in the main sidebar. Not sure if this is also true for community sidebars. [https://sh.itjus...

I don't really understand what any of this means, maybe someone can explain it for me, I'm a little nervous to keep browsing on lemmygrad if this can apparently be exploited through comments and posts or something?

there's disagreement about what's happening several comments down so an explanation would be appreciated

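What "does not escape HTML" in the tagline, sidebar and legal information fields means in practice, shown as an added example that is not Lemmy's code and not part of the original post. The field names, function names and sample site record are constructed, and the sketch assumes these fields are meant to be shown as plain text (a site that allows formatting in them needs an HTML sanitizer rather than plain escaping).

```javascript
// Added example. Field names and sample data are constructed for illustration.
const FIELDS = ["tagline", "sidebar", "legal_information"];

// Escape the characters that let stored text be parsed as markup.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// The flaw described in the linked post: stored text is pasted into the page
// as-is, so any markup in it is interpreted by every visitor's browser.
function renderUnescaped(site) {
  return FIELDS.map((f) => `<div class="${f}">${site[f] ?? ""}</div>`).join("\n");
}

// The corrected form: the same fields, escaped on output, display as inert text.
function renderEscaped(site) {
  return FIELDS.map((f) => `<div class="${f}">${escapeHtml(site[f] ?? "")}</div>`).join("\n");
}

// Check for an instance admin: list stored fields that contain active markup
// (script-like elements, inline event handlers, javascript: URLs).
const ACTIVE_MARKUP = /<\s*(script|iframe|object|embed)\b|\bon[a-z]+\s*=|javascript\s*:/i;
function auditSite(site) {
  return FIELDS.filter((f) => ACTIVE_MARKUP.test(String(site[f] ?? "")));
}

// Constructed sample: a sidebar carrying a script redirection of the kind
// the post describes, pointing at a placeholder address.
const sampleSite = {
  tagline: "Welcome to the instance",
  sidebar: 'Rules: be kind <script>window.location="https://example.invalid/"</script>',
  legal_information: "Terms & conditions apply",
};

console.log("Fields needing review:", auditSite(sampleSite));
console.log(renderEscaped(sampleSite));
```

With the escaped renderer the sidebar's script tag shows up on the page as visible text instead of running, and the audit reports which stored field to clean up.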