Ask HN: Is Lemmy Suffering an Exploit?

10 points by urda ↗ HN
Lemmy might be suffering from an XSS attack [1]. It looks like a few major groups are impacted [2] [3] [4]. It seems odd for them to all suffer admin credentials leaking at the same time.

    [1] https://lemmy.ml/post/1896249
    [2] https://beehaw.org
    [3] https://lemmy.blahaj.zone/
    [4] https://lemmy.world/

7 comments

[ 5.3 ms ] story [ 31.0 ms ] thread
(comment deleted)
beehaw.org is down, but how do you know they were affected?
Not 100% sure, but the timing is odd no?
They took it down preemptively.
So yeah, seems to have a large impact all the same.
Can see the code injected by spammers/attackers as well: https://programming.dev/post/532566

One commenter mentions http cookies are used in lemmy. Not familiar with code base so I can’t confirm. So if true then this attack shouldn’t have caused such a widespread outage.

Something else might be going on