this post was submitted on 10 Jul 2023
52 points (98.1% liked)

Lemmy NSFW

11900 readers
2 users here now

Updates about lemmynsfw.com

founded 1 year ago
MODERATORS
 

We have little information currently, but we may at least lock the site down for preemptive safety reasons. There seems to be a serious XSS vulnerability within lemmys code. We have disabled community creation temporarily and are contemplating taking the site down temporarily as well. Please find us below and stay safe, ya'll.

https://mastodon.world/@lemmynsfw https://matrix.to/#/#lemmynsfw:matrix.org

EDIT: For the time being we have disabled federation, new user sign ups, and community creation.

top 6 comments
sorted by: hot top controversial new old
[–] DelvianSeek@lemmynsfw.com 6 points 1 year ago

Thanks for the heads up! Sounds serious. Keeping fingers crossed that it will get fixed quickly.

[–] Crackhappy@lemmynsfw.com 4 points 1 year ago (2 children)

Good luck. The real problem is that bugs like this in your code that lead to easy XSS script loads like this tend to point to a bigger problem.

[–] gavi@lemmynsfw.com 4 points 1 year ago

I agree. There needs to be an audit of lemmy entire source.

[–] cuck4mai@lemmynsfw.com 0 points 1 year ago (1 children)

This is on top of the privacy concerns and huge potential for vote manipulation.

[–] astral_avocado@lemmynsfw.com 1 points 1 year ago

What are these concerns and are they unique to Lemmy vs other fediverse type software like Mastodon?

[–] LexiconBexicon@lemmynsfw.com 1 points 1 year ago

The issue seems resolved according to lemm.ee