Oraksus@programming.dev to Lemmy@lemmy.ml • (URGENT) Lemmy has an XSS vulnerability in the tagline, the sidebar and in the legal information field • English • 1 year ago
Just a guess; I haven’t looked at the code. There is probably front-end validation, but not back-end validation, so forming your own HTTP call probably allows any input.