(URGENT) Lemmy has an XSS vulnerability in the sidebar
(URGENT) Lemmy has an XSS vulnerability in the sidebar - Lemmy.ca
cross-posted from: https://sh.itjust.works/post/923025

> lemmy.world is a victim of an XSS attack right now and the hacker simply injected a JavaScript redirection into the sidebar.
>
> It appears the Lemmy backend does not escape HTML in the main sidebar. Not sure if this is also true for community sidebars.
>
> [https://sh.itjust.works/pictrs/image/707c0f16-3d5c-4888-b865-34228d968ee6.png]
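
An added example, not part of the original post and not Lemmy's own code: the missing escaping described above, shown as an unescaped sidebar render beside an escaped one, plus a simple check an instance admin could run over a stored sidebar value. All function names and sample strings are constructed for illustration.

```javascript
// Added example: names and sample strings are constructed, not Lemmy's code.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape untrusted sidebar text so the browser treats it as text, not markup.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Patterns for markup that can run script if it reaches the page unescaped.
const ACTIVE_MARKUP = [
  { name: "script-tag", re: /<\s*script\b/i },
  { name: "event-handler", re: /<[^>]*\son[a-z]+\s*=/i },
  { name: "javascript-url", re: /(?:href|src)\s*=\s*["']?\s*javascript:/i },
  { name: "embedding-tag", re: /<\s*(?:iframe|object|embed|meta)\b/i },
];

// Return the names of the patterns that match a stored sidebar value.
function auditSidebar(stored) {
  return ACTIVE_MARKUP.filter((p) => p.re.test(stored)).map((p) => p.name);
}

// Vulnerable rendering: stored text is concatenated into HTML as-is.
function renderSidebarUnsafe(stored) {
  return `<div class="sidebar">${stored}</div>`;
}

// Hardened rendering: stored text is escaped before it is placed in HTML.
function renderSidebarSafe(stored) {
  return `<div class="sidebar">${escapeHtml(stored)}</div>`;
}

// Constructed sample values (example.invalid is a reserved test domain).
const tampered = 'Welcome! <script>location.href="https://example.invalid/"</script>';
const benign = "Rules: be kind & stay on topic";

console.log("stored value flags:", auditSidebar(tampered));
console.log("after escaping:    ", auditSidebar(renderSidebarSafe(tampered)));
console.log(renderSidebarSafe(benign));
```

The audit patterns are a triage aid for spotting a tampered sidebar, not a sanitizer; escaping at output is what stops the stored text from executing.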