• redcalcium@c.calciumlabs.com
    link
    fedilink
    English
    arrow-up
    10
    ·
    1 year ago

    It seems the database and the server itself is not compromised? Just an admin account that used to post a markdown XSS exploit?

    • Max-P@lemmy.max-p.me
      link
      fedilink
      English
      arrow-up
      18
      ·
      1 year ago

      Pretty much, and it’s not even XSS (it’s not cross-site), it’s just plain basic HTML injection breaking out of Markdown. At least as far as I was able to find.