this post was submitted on 10 Jul 2023
29 points (96.8% liked)

Lemmy NSFW

11717 readers
357 users here now

Updates about lemmynsfw.com

founded 1 year ago
MODERATORS
 

We have little information currently, but we may at least lock the site down for preemptive safety reasons. There seems to be a serious XSS vulnerability within lemmys code. We have disabled community creation temporarily and are contemplating taking the site down temporarily as well. Please find us below and stay safe, ya'll.

https://mastodon.world/@lemmynsfw https://matrix.to/#/#lemmynsfw:matrix.org

EDIT: For the time being we have disabled federation, new user sign ups, and community creation.

top 6 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 1 year ago (2 children)

Good luck. The real problem is that bugs like this in your code that lead to easy XSS script loads like this tend to point to a bigger problem.

[–] [email protected] 4 points 1 year ago

I agree. There needs to be an audit of lemmy entire source.

[–] [email protected] 0 points 1 year ago (1 children)

This is on top of the privacy concerns and huge potential for vote manipulation.

[–] [email protected] 1 points 1 year ago

What are these concerns and are they unique to Lemmy vs other fediverse type software like Mastodon?

[–] [email protected] 1 points 1 year ago

The issue seems resolved according to lemm.ee

[–] [email protected] 1 points 1 year ago

Thanks for the heads up! Sounds serious. Keeping fingers crossed that it will get fixed quickly.