Hacker News
Lemmy has an XSS vulnerability in the Markdown parser (itjust.works)
7 points by hardcopy on July 10, 2023 | 2 comments


What a blunder.

I think even the worst static code analyzers would have caught this.

Looking at the code that was injected by an attacker, it seems like they were trying to extract user sessions and exfiltrate them.

https://programming.dev/post/532566


I found myself asking the same thing: https://news.ycombinator.com/item?id=36662195

