this post was submitted on 10 Jul 2023
Technology


cross-posted from: https://sh.itjust.works/post/923025

lemmy.world is a victim of an XSS attack right now and the hacker simply injected a JavaScript redirection into the sidebar.

It appears the Lemmy backend does not escape HTML in the main sidebar. Not sure if this is also true for community sidebars.

p03locke@lemmy.dbzer0.com 3 points 2 years ago

Pretend that all HTML needs to be escaped and only disable it on a case-by-case basis.
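An added example of the escape-by-default approach the comment recommends, written for this thread and not taken from Lemmy's own code: every character that could open markup is escaped first, and only a small allowlist of bare formatting tags is re-enabled afterwards, so a script tag stored in a sidebar comes out as inert text. The `ALLOWED_TAGS` set and the sample sidebar content are assumptions constructed for the demonstration.

```javascript
// Escape-by-default rendering for untrusted sidebar text (added example,
// not Lemmy's implementation). Step 1 escapes everything; step 2 re-enables
// only bare tags from an allowlist, which is the "case-by-case" exception.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Assumed allowlist: simple inline/block formatting only. No attributes are
// ever allowed, so event handlers and javascript: URLs never reach the DOM.
const ALLOWED_TAGS = new Set(["p", "b", "i", "em", "strong", "code"]);

function renderSidebar(untrusted) {
  const escaped = escapeHtml(untrusted);
  // Only an escaped tag of the exact form <tag> or </tag> (lowercase, no
  // attributes) is turned back into real markup; anything else stays escaped.
  return escaped.replace(/&lt;(\/?)([a-z]+)&gt;/g, (match, slash, tag) =>
    ALLOWED_TAGS.has(tag) ? `<${slash}${tag}>` : match
  );
}

// Defensive check on rendered output: no live script element and no
// inline event-handler attribute may survive rendering.
function isInert(html) {
  return !/<script[\s>]/i.test(html) && !/<[a-z]+[^>]*\son[a-z]+\s*=/i.test(html);
}

// Constructed sample resembling what the post describes: legitimate sidebar
// markup followed by a script that redirects visitors elsewhere.
const SAMPLE_SIDEBAR =
  '<p>Welcome</p><script>window.location="https://attacker.example/"</script>';

if (typeof require !== "undefined" && require.main === module) {
  const rendered = renderSidebar(SAMPLE_SIDEBAR);
  console.log(rendered);          // <p>Welcome</p>&lt;script&gt;...&lt;/script&gt;
  console.log(isInert(rendered)); // true
}
```

The rule is deliberately strict: an allowlisted tag that carries any attribute (for example `<p onclick=x>`) stays escaped, because attributes are where most injected handlers live.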