XSS is a blanket term for vulnerabilities that allow attackers to inject client-side scripts. Looks like someone has already identified it and submitted a pull request that contains a fix: https://github.com/LemmyNet/lemmy-ui/pull/1897/files
You would think an admin account would have 2fa enabled (unless the hack was due to a security issue in lemmy itself, but it doesn't seem to be the case).
I see a new lemmy-ui docker image was pushed an hour ago, tagged 0.18.2-rc.1. Anyone know if it fixed the issue?
Edit: yep, it's fixed: https://github.com/LemmyNet/lemmy-ui/commit/e80bcf53acb8ce25ed5ef6b7eb16b90f0b07e8f1