submitted 2 years ago* (last edited 2 years ago) by G59@lemmy.ml to c/fediverse@lemmy.ml

FYI!!! In case you start getting re-directed to porn sites.

Maybe the admin got hacked?

[-] Max_P@lemmy.max-p.me 10 points 2 years ago

Pretty much, and it's not even XSS (it's not cross-site), it's just plain basic HTML injection breaking out of Markdown. At least as far as I was able to find.

[-] redcalcium@c.calciumlabs.com 4 points 2 years ago

XSS is a blanket term for vulnerabilities that allow attackers to inject client-side scripts. Looks like someone has already identified and submitted a pull request that contains a fix: https://github.com/LemmyNet/lemmy-ui/pull/1897/files

[-] barsoap@lemm.ee 1 points 2 years ago

Aaaargh yeah using typescript doesn't do jack when your API is stringly-typed. This erm wouldn't have happened on the backend.

this post was submitted on 10 Jul 2023
348 points (100.0% liked)
