HACKER Q&A
📣 urda

Is Lemmy Suffering an Exploit?


Lemmy might be suffering from an XSS attack [1]. It looks like a few major groups are impacted [2] [3] [4]. It seems odd for them to all suffer admin credentials leaking at the same time.

    [1] https://lemmy.ml/post/1896249
    [2] https://beehaw.org
    [3] https://lemmy.blahaj.zone/
    [4] https://lemmy.world/


👤 pulsartwin Accepted Answer ✓
Looks like it was due to unsafe processing of custom emoji: https://github.com/LemmyNet/lemmy-ui/pull/1897

👤 xyst
Can see the code injected by spammers/attackers as well: https://programming.dev/post/532566

One commenter mentions HTTP cookies are used in Lemmy. Not familiar with the code base, so I can’t confirm. So if true, then this attack shouldn’t have caused such a widespread outage.

Something else might be going on.


👤 tivi
beehaw.org is down, but how do you know they were affected?