XSS Vulnerability In Wix.com Puts Millions Of Websites At Risk

  • 323
  •  
  •  
  •  
  •  
  •  
  •  
  •  
    323
    Shares

Wix.com -The website hosting provider which also provides free drag-and-drop website building tools is affected by n XSS vulnerability which was discovered recently. This XSS vulnerability is putting millions of websites and their users at risk of attack.

Wix hosts millions of websites with 87 million registered users all of which are currently vulnerable to an XSS bug which can be utilized by attackers to create worms capable of taking over administrator accounts. In short it gives the attackers full control over websites.

How Does This XSS Vulnerability Works?

All an attacker needs to do is add a redirection command to any URL from Wix.com and redirect to malicious JavaScript hosted else where.

Attackers can also use template and demos hosted on the main Wix.com domain to gain access to admin session cookies and resources. Once a session cookie has been stolen then the attackers can place the DOM XSS in an iframe to host malicious content on any website controlled by a single operator.

Despite being responsible for the security of millions of users, Wix hasn’t fixed this bug yet.

The following two tabs change content below.

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

Leave a Reply