Alex Gleason on Nostr: Unfortunately, Poast got hacked due to an XSS vulnerability in Pleroma FE. The ...
Unfortunately, Poast got hacked due to an XSS vulnerability in Pleroma FE. The greentext feature in Soapbox is based on the same vulnerable HTML parser that was exploited in the attack on Poast. So in order to increase the security of Soapbox, greentext was temporarily removed.
Published at 2023-06-04 00:11:27
Event JSON
{
  "id": "b7bcc363ca8d6e1cd26c7dcf7aac4d1042ce781effe72408ae4cf017da11a4e7",
  "pubkey": "79c2cae114ea28a981e7559b4fe7854a473521a8d22a66bbab9fa248eb820ff6",
  "created_at": 1685837487,
  "kind": 1,
  "tags": [
    [
      "p",
      "98344cf784f96ea201acb1f5ad3964302ad65818c9e21e9ebf145f4274b16b90",
      "wss://relay.mostr.pub"
    ],
    [
      "e",
      "4a981fcc79331f191610074ff7aa90b231bcbbf5805b0dfb07eb4eb1bf5644e0",
      "wss://relay.mostr.pub",
      "reply"
    ],
    [
      "mostr",
      "https://gleasonator.com/objects/02a25d41-0d5b-4c59-a54d-c1c407232a13"
    ]
  ],
  "content": "Unfortunately, Poast got hacked due to an XSS vulnerability in Pleroma FE. The greentext feature in Soapbox is based on the same vulnerable HTML parser that was exploited in the attack on Poast. So in order to increase the security of Soapbox, greentext was temporarily removed.",
  "sig": "cbea0d1747060816c5e729b352154f1276772943aca8e08715b3dfc904ec26408a558c85886d7fcc7e9118df11ec60d1da290f1ba247859ee122cef21ec19265"
}