Wix.com -The website hosting provider which also provides free drag-and-drop website building tools is affected by n XSS vulnerability which was discovered recently. This XSS vulnerability is putting millions of websites and their users at risk of attack.
Wix hosts millions of websites with 87 million registered users all of which are currently vulnerable to an XSS bug which can be utilized by attackers to create worms capable of taking over administrator accounts. In short it gives the attackers full control over websites.
How Does This XSS Vulnerability Works?
All an attacker needs to do is add a redirection command to any URL from Wix.com and redirect to malicious JavaScript hosted else where.
Attackers can also use template and demos hosted on the main Wix.com domain to gain access to admin session cookies and resources. Once a session cookie has been stolen then the attackers can place the DOM XSS in an iframe to host malicious content on any website controlled by a single operator.
Despite being responsible for the security of millions of users, Wix hasn’t fixed this bug yet.
