lemmy.world is a victim of an XSS attack right now and the hacker simply
injected a JavaScript redirection into the sidebar. It appears the Lemmy backend
does not escape HTML in the main sidebar. Not sure if this is also true for
community sidebars.
[https://sh.itjust.works/pictrs/image/707c0f16-3d5...
Bon bah, ce qui devait arriver arriva. Plusieurs instances ont été victimes de hack via une injection XSS et vol d’identifiant des admins.