sh.itjust.works Main Community

7716 readers

1 users here now

Home of the sh.itjust.works instance.

founded 1 year ago

MODERATORS

TheDude@sh.itjust.works

manifex@sh.itjust.works

biela@sh.itjust.works

imaqtpie@sh.itjust.works

Is s.itjust.works affected by the XSS Vulnerability? (sh.itjust.works)

submitted 1 year ago by CannedTuna@sh.itjust.works to c/main@sh.itjust.works

1 comments fedilink hide all child comments

There’s plenty of posts on the topic about Lemmy.world being compromised, followed by the exploit being tracked back to an XSS exploit that I believe works on instances with custom emojis enabled. Many instances have been quick to jump on this such as feddit.uk and Behaw which took itself down temporarily.

Does this affect sh.itjust.works?

If so what are the admins doing about it?

Can we get some sort of admin post about this? Last update from them was some time ago.

Hopefully the admins have 2FA enabled on their accounts.

top 1 comments

sorted by: hot top controversial new old

[–] TheDude@sh.itjust.works 1 points 1 year ago

Hey all,

As others mentioned we did not have custom emojis so we were not affected by this particular attack. I have since upgraded our UI to 0.18.2-rc.1 which mitigates this XSS vulnerability.