We have little information currently, but we may at least lock the site down for preemptive safety reasons. There seems to be a serious XSS vulnerability within lemmys code. We have disabled community creation temporarily and are contemplating taking the site down temporarily as well. Please find us below and stay safe, ya’ll.

https://mastodon.world/@lemmynsfw https://matrix.to/#/#lemmynsfw:matrix.org

EDIT: For the time being we have disabled federation, new user sign ups, and community creation.

  • @Crackhappy
    link
    English
    151 year ago

    Good luck. The real problem is that bugs like this in your code that lead to easy XSS script loads like this tend to point to a bigger problem.

    • @gaviOPM
      link
      English
      221 year ago

      I agree. There needs to be an audit of lemmy entire source.

    • Cuck4Mai
      link
      English
      111 year ago

      This is on top of the privacy concerns and huge potential for vote manipulation.

      • @astral_avocado
        link
        English
        11 year ago

        What are these concerns and are they unique to Lemmy vs other fediverse type software like Mastodon?