Conversation

Notices

1. :btrfly: anime graf mays 🛰️🪐 (graf@poa.st)'s status on Wednesday, 30-Aug-2023 16:03:21 JST :btrfly: anime graf mays 🛰️🪐
   fellas i hope you are ready for new (several) pleroma exploits
   consooom pleroma exploits get excited for new pleroma exploits
   • Niko :lyrical_lily: likes this.
   • Machismo (zerglingman@freespeechextremist.com)'s status on Wednesday, 30-Aug-2023 16:03:56 JST Machismo

     in reply to
     @graf How many of them don't involve JS injection?
   • Tyler (tyler@1611.social)'s status on Wednesday, 30-Aug-2023 16:05:08 JST Tyler

     in reply to

     • Machismo
     goodnight mean graf
     Machismo likes this.
   • :niggy: (niggy@poa.st)'s status on Wednesday, 30-Aug-2023 16:11:09 JST :niggy:

     in reply to

     • Machismo
     @Zerglingman @graf no XSS stuff, people worked pretty hard at finding all those vectors in the backend, and the standard Poast frontend (Soapbox) dev is actually competent and has CSP that mitigates that. Soapbox has never had a XSS vulnerability I believe
     Even a couple of years ago when I reported exploitable HTML injection (forms + css), there wasn't XSS
   • Hollyjollytailspike (monsterislandcolonizer@poa.st)'s status on Wednesday, 30-Aug-2023 16:12:14 JST Hollyjollytailspike

     in reply to
     @graf Been putting ChatGPT to work huh?
   • :btrfly: anime graf mays 🛰️🪐 (graf@poa.st)'s status on Wednesday, 30-Aug-2023 16:12:16 JST :btrfly: anime graf mays 🛰️🪐

     in reply to

     • Hollyjollytailspike
     @monsterislandcolonizer no we actually have someone auditing the code and providing real world examples. the majority looks like staff escalation in this round