
TIL Lemmy has an XSS vulnerability in the tagline, the sidebar and in the legal information field - sh.itjust.works (sh.itjust.works)

DO NOT OPEN THE “LEGAL” PAGE — lemmy.world is a victim of an XSS attack right now and the hacker simply injected a JavaScript redirection into the sidebar. It appears the Lemmy backend does not escape HTML in the main sidebar. Not sure if this is also true for community sidebars....
