this post was submitted on 10 Jul 2023
19 points (95.2% liked)

Meta (slrpnk.net)

601 readers
18 users here now

Here we can discuss anything about this Lemmy instance/server itself.

Our XMPP support chat: Movim or XMPP client.

Please also refer to our Wiki

founded 2 years ago
MODERATORS
 

cross-posted from: https://sh.itjust.works/post/923025

lemmy.world is a victim of an XSS attack right now and the hacker simply injected a JavaScript redirection into the sidebar.

It appears the Lemmy backend does not escape HTML in the main sidebar. Not sure if this is also true for community sidebars.

top 3 comments
sorted by: hot top controversial new old
[–] j_roby 8 points 1 year ago (1 children)

I just saw this on my feed. It's above my pay grade, but seemed urgent enough to cross post here

[–] j_roby 4 points 1 year ago
[–] poVoq 5 points 1 year ago

I applied the mitigations and unvalidated all login tokens.

As far as I can tell slrpnk.net was not directly effected though.