XSS Attack [News topics]

Titles of most admin posts have been modified to include links. Which seems to be escaped so no big deal, but still a shitty move. Probably an automated attack tho.

Visible at Elektronauts

I’ve alerted mods but idk what more can be done.

10 Likes

We’ll ping the person who manages that content

5 Likes

That content is inaccessible from the discourse suite… it’s bespoke and manually added by an Elektron dev, so it will be messy for a while in all likelihood

2 Likes

Also can’t click on the user icon to open notifications from the front page…or does it work for anyone else?

It seems to insert a link in posts too. I typed the words “project file” and something inserted a link in my post afterwards. I had to manually remove it.
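The two symptoms described so far (links spliced into post titles, a link auto-inserted after the words "project file") are the kind of thing a moderator can check for across a content dump rather than by eye. The script below is an added example written for this thread, not code from Discourse or Elektron: it audits a constructed list of titles for raw HTML anchors and for links to hosts outside a trusted set, and shows why an escaped title is "no big deal": once HTML-escaped, an injected anchor renders as literal text instead of a link. The titles, the attacker host and the trusted-host list are all made up for the example.

```python
import html
import re
from urllib.parse import urlparse

# Constructed sample: post titles as they might come out of a forum database dump.
# The "example-attacker.invalid" host is a placeholder, not a real indicator.
SAMPLE_TITLES = [
    "Digitakt II firmware 1.10 released",
    'Octatrack sampling tips <a href="https://example-attacker.invalid/p">project file</a>',
    "Analog Rytm [project file](https://example-attacker.invalid/x) question",
    "Talk header: link to https://www.elektron.se/ (legit)",
]

# Hosts a title is allowed to link to; assumption for the example, tune per forum.
TRUSTED_HOSTS = {"www.elektron.se", "elektron.se", "www.elektronauts.com"}

# A raw <a ...href=...> tag in a title is never expected from the editor.
HTML_ANCHOR = re.compile(r'<a\s[^>]*href\s*=\s*["\']?([^"\'\s>]+)', re.I)
# Markdown-style [text](http://...) links.
MD_LINK = re.compile(r'\[[^\]]*\]\((https?://[^)\s]+)\)')
# Bare URLs, stopping at whitespace, quotes, angle brackets or a closing paren.
BARE_URL = re.compile(r'https?://[^\s<>"\')]+')


def extract_urls(text):
    """Collect every URL found in the text, whatever syntax it was injected with."""
    urls = set(HTML_ANCHOR.findall(text))
    urls |= set(MD_LINK.findall(text))
    urls |= set(BARE_URL.findall(text))
    return urls


def audit_title(title):
    """Return a list of reasons this title looks tampered with; empty means clean."""
    reasons = []
    if HTML_ANCHOR.search(title):
        reasons.append("raw HTML anchor in title")
    for url in sorted(extract_urls(title)):
        host = (urlparse(url).hostname or "").lower()
        if host not in TRUSTED_HOSTS:
            reasons.append(f"link to untrusted host {host}")
    return reasons


def audit_titles(titles):
    """Return [(title, reasons)] for every title that raised at least one reason."""
    flagged = []
    for title in titles:
        reasons = audit_title(title)
        if reasons:
            flagged.append((title, reasons))
    return flagged


def render_title(title):
    """Escape a title for HTML output: an injected <a> becomes visible text, not a link."""
    return html.escape(title, quote=True)


if __name__ == "__main__":
    for title, reasons in audit_titles(SAMPLE_TITLES):
        print(f"FLAGGED: {title!r}")
        for reason in reasons:
            print(f"    - {reason}")
        print(f"    escaped render: {render_title(title)}")
```

Run against a real dump, the interesting output is the set of untrusted hosts and the time window in which the flagged titles were last edited; that is what to hand to whoever reviews the server logs.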

At this point, I would assume broader compromise (better be safe than sorry). The current version of the Discourse forum software hosted on elektronauts.com is dated back to April '25 after which a number of vulnerabilities ranging from high to critical rating have been published.

This effectively means that elektronauts.com is currently unpatched against known security flaws that any arbitrary attacker could be and probably is in the process of exploiting right now. I’d recommend to investigate logs ASAP and to always keep the forum software up-to-date with the latest stable version.

5 Likes

Could not reproduce but yeah this might be bigger than just a compromised account.

Yesterday I got a message from my IT at work that there was a massive attack on Microsoft Teams and Outlook. An app got installed making calls via Teams and sending messages, making it look like your colleagues sent links to open. Of course not what’s going on here, but just saying that there have been big attacks lately, so it seems possible this is also something widespread.

Looks clean now, not heard back officially about this, it might have been spotted independently.

Hopefully they’ll patch this up

3 Likes

It’s still in the historic Talk header category.

(just mentioning this for sake of completeness – I’m really glad someone is looking into it even on a day like this! :pray: )

1 Like

We’re looking into this now. Thanks for bringing it to our attention.

19 Likes

I know it’s holiday season but it looks like this instance is still affected by CVE-2025-48877 and other security vulnerabilities of high and critical impact that allow for cross-site scripting. I’d kindly like to bring to attention that this puts the server’s integrity at risk and thus it should be addressed appropriately - as opposed to punctually mitigating the issue by removing the script that had been injected. So fixing it should involve updating the Discourse instance to a recent version or, as a mitigation of this critical issue mentioned below, the reference to codepen could be removed from the “allowed_iframes” tag. The latter would still leave the server vulnerable to all the other CVEs so updating Discourse should have highest priority.


1 Like
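The two checks recommended in this thread, reading the running Discourse version out of the page source and trimming codepen from the allowed_iframes setting, can be scripted so an admin can repeat them after every update. The block below is an added example for this thread, not Elektron's or Discourse's own code. It assumes Discourse still prints its version in a meta name="generator" tag (the tag "view page source" shows), and that list settings such as allowed_iframes are stored as "|"-separated URL prefixes; the page source, the commit hash, the setting value and the minimum version used in the demo are all constructed placeholders, and the real minimum should be taken from the advisory for CVE-2025-48877.

```python
import re
from urllib.parse import urlparse

# Constructed page source, not fetched from elektronauts.com; hash is a placeholder.
SAMPLE_PAGE = """<!DOCTYPE html>
<html><head>
<meta name="generator" content="Discourse 3.4.3 - https://github.com/discourse/discourse version 0000000000 (placeholder)">
<title>Elektronauts</title>
</head><body></body></html>"""

# Constructed allowed_iframes value; '|'-separated URL prefixes is an assumption.
SAMPLE_ALLOWED_IFRAMES = (
    "https://www.google.com/maps/embed?|https://codepen.io/|https://www.youtube.com/embed/"
)

# Placeholder: replace with the fixed version named in the advisory for CVE-2025-48877.
MINIMUM_PATCHED = "3.5.0"

GENERATOR_RE = re.compile(
    r'<meta\s+name="generator"\s+content="Discourse\s+([0-9][0-9A-Za-z.]*)', re.I
)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.beta(\d+))?")


def extract_discourse_version(page_html):
    """Return the version string from the generator meta tag, or None if it is absent."""
    m = GENERATOR_RE.search(page_html)
    return m.group(1) if m else None


def version_key(version):
    """Sortable key; a beta sorts before the final release with the same number."""
    m = VERSION_RE.fullmatch(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, beta = m.groups()
    return (int(major), int(minor), int(patch), 0 if beta else 1, int(beta or 0))


def is_outdated(found, minimum_patched):
    """True when the running version is older than the first patched one."""
    return version_key(found) < version_key(minimum_patched)


def drop_iframe_hosts(setting_value, hosts_to_remove):
    """Return the list setting with every prefix whose host is in hosts_to_remove dropped."""
    kept = []
    for prefix in setting_value.split("|"):
        host = (urlparse(prefix).hostname or "").lower()
        if host not in hosts_to_remove:
            kept.append(prefix)
    return "|".join(kept)


if __name__ == "__main__":
    found = extract_discourse_version(SAMPLE_PAGE)
    print(f"running version: {found}")
    if found is None:
        print("no generator tag found; check the version another way")
    elif is_outdated(found, MINIMUM_PATCHED):
        print(f"OUTDATED: older than {MINIMUM_PATCHED}, update Discourse first")
    else:
        print("version is at or above the placeholder minimum")
    print("allowed_iframes without codepen:")
    print("  " + drop_iframe_hosts(SAMPLE_ALLOWED_IFRAMES, {"codepen.io"}))
```

Trimming the allowlist is the stop-gap for one issue; as the post above says, the version comparison is the check that matters, because it covers every other published CVE for the same release range.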

maybe it’s not a bad thing, maybe hackerman can steal all of the bandcamp links and help sell some music eh?

:slight_smile: I hope Elektron doesn’t share this view of yours!

For a better understanding about what this actually means: by putting the server’s integrity at risk through accepting the existence of multiple “cross-site scripting” vulnerabilities, actual attacker code is executed in every user’s browser and/or app, in the context of and on behalf of Elektron (so that’s exploitation of a trust boundary).

Not acting immediately and taking the necessary steps puts the entire user base at risk willingly, which is a negligent thing to do.

3 Likes

How do you see this? I can’t find the current version…

“view page source” in a browser on elektronauts.com for example.

More info: Tonverk OS Upgrades & Updates - #961 by sdkboi

3 Likes

Another day, and people are still exposed to critical vulnerabilities. One may wonder why attackers love to pick weekends and holiday seasons… ;p

Further reading on XSS, impact, consequences, how to fix:

This isn’t fictitious or exaggerated, people have been and are being attacked successfully as you’re reading this:

While Elektron is still sleeping on security topics, it’s probably a good idea to exercise extra caution and enable two-factor authentication, as attackers may try to compromise your accounts.

3 Likes