Anoxydre [they/them]@jlai.lu to

France@lemmy.worldFrançais · 1 year ago

Lemmy.world et d’autres instances hackées

sh.itjust.works

cross-posted to:
genzedong@lemmygrad.ml

21

Lemmy.world et d’autres instances hackées

sh.itjust.works

Anoxydre [they/them]@jlai.lu to

France@lemmy.worldFrançais · 1 year ago

cross-posted to:
genzedong@lemmygrad.ml

(URGENT) Lemmy has an XSS vulnerability in the sidebar - sh.itjust.works

sh.itjust.works

lemmy.world is a victim of an XSS attack right now and the hacker simply injected a JavaScript redirection into the sidebar. It appears the Lemmy backend does not escape HTML in the main sidebar. Not sure if this is also true for community sidebars. [https://sh.itjust.works/pictrs/image/707c0f16-3d5c-4888-b865-34228d968ee6.png]

Bon bah, ce qui devait arriver arriva. Plusieurs instances ont été victimes de hack via une injection XSS et vol d’identifiant des admins.

Chat

Camus@jlai.lu
cake
link
fedilink
arrow-up
1·
1 year ago
A noter qu’on est peut-être encore vulnérables sur jlailu, voir mon autre commentaire

France@lemmy.world

france@lemmy.world

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !france@lemmy.world

Community locked: only moderators can create posts. You can still comment on posts.

Hop, !france@lemmy.world c’est finit, merci de migrer sur !france@jlai.lu

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

1 user / day
1 user / week
1 user / month
19 users / 6 months
12 local subscribers
2.78K subscribers
1.26K Posts
10.5K Comments
Modlog