Skip Navigation
Meta @aussie.zone eatham @sh.itjust.works
(URGENT) Lemmy has an XSS vulnerability in the sidebar - sh.itjust.works
sh.itjust.works (URGENT) Lemmy has an XSS vulnerability in the tagline, the sidebar and in the legal information field - sh.itjust.works

# DO NOT OPEN THE “LEGAL” PAGE — lemmy.world is a victim of an XSS attack right now and the hacker simply injected a JavaScript redirection into the sidebar. It appears the Lemmy backend does not escape HTML in the main sidebar. Not sure if this is also true for community sidebars. [https://sh.itjus...

https://sh.itjust.works/post/923025

0
InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)EA
eatham @sh.itjust.works
Posts 1
Comments 0