this post was submitted on 10 Jul 2023
60 points (100.0% liked)

sh.itjust.works Main Community

7584 readers
1 users here now

Home of the sh.itjust.works instance.

Matrix

founded 1 year ago
MODERATORS
TheDude@sh.itjust.works
manifex@sh.itjust.works
biela@sh.itjust.works
imaqtpie@sh.itjust.works
60
Is s.itjust.works affected by the XSS Vulnerability? (sh.itjust.works)
submitted 1 year ago by CannedTuna@sh.itjust.works to c/main@sh.itjust.works
13 comments fedilink hide all child comments
 

There’s plenty of posts on the topic about Lemmy.world being compromised, followed by the exploit being tracked back to an XSS exploit that I believe works on instances with custom emojis enabled. Many instances have been quick to jump on this such as feddit.uk and Behaw which took itself down temporarily.

Does this affect sh.itjust.works?

If so what are the admins doing about it?

Can we get some sort of admin post about this? Last update from them was some time ago.

Hopefully the admins have 2FA enabled on their accounts.

you are viewing a single comment's thread
view the rest of the comments
[–] LachlanUnchained@lemmyunchained.net 10 points 1 year ago* (last edited 1 year ago)

2fa could be bypassed. Didn’t matter.

All instances were equally vulnerable. But not all were targeted.

Theres been advice on mitigations to prevent this particular vulnerability. If your instance has implemented them, shouldn’t be a problem.

A UI fix should be pushed shortly.