XSS Vulnerability In Wix.com Puts Millions Of Websites At Risk

Wix.com, the website hosting provider that also offers free drag-and-drop website building tools, is affected by a recently discovered XSS vulnerability. The vulnerability puts millions of websites and their users at risk of attack.

Wix hosts millions of websites and has 87 million registered users, all of which are currently vulnerable to an XSS bug that attackers can use to create worms capable of taking over administrator accounts. In short, it gives attackers full control over websites.

How Does This XSS Vulnerability Work?

All an attacker needs to do is add a redirection command to any URL from Wix.com that redirects to malicious JavaScript hosted elsewhere.

Attackers can also use templates and demos hosted on the main Wix.com domain to gain access to admin session cookies and resources. Once a session cookie has been stolen, the attackers can place the DOM XSS in an iframe to host malicious content on any website controlled by a single operator.
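The class of bug described above, a page that loads JavaScript from a location named in its own URL, is closed by validating that location against an origin allowlist before it reaches any script-loading sink. The following is an added example, not Wix's code and not from the original article; the parameter name `scriptSrc`, the function names and all hostnames are hypothetical and constructed for illustration.

```javascript
// Added example: decide whether a script URL taken from the page URL may be loaded.
// "scriptSrc" and the origins below are assumptions, not Wix identifiers.
const TRUSTED_SCRIPT_ORIGINS = new Set(["https://static.example.com"]);

// Returns the normalized script URL if it is safe to load, otherwise null.
function resolveScriptSrc(pageUrl, paramName = "scriptSrc") {
  let page;
  try {
    page = new URL(pageUrl);
  } catch {
    return null; // unparseable page URL: load nothing
  }
  const raw = page.searchParams.get(paramName);
  if (raw === null || raw === "") return null;

  let candidate;
  try {
    // Resolve against the page so "//host/x.js" and "/x.js" are judged
    // by the origin the browser would actually fetch from.
    candidate = new URL(raw, page);
  } catch {
    return null;
  }
  if (candidate.protocol !== "https:") return null; // javascript:, data:, http:
  if (candidate.username || candidate.password) return null; // trusted@other-host
  if (!TRUSTED_SCRIPT_ORIGINS.has(candidate.origin)) return null; // exact origin match
  return candidate.href;
}

// Constructed sample page URLs, one allowed and several that must be refused.
const SAMPLE_PAGE_URLS = [
  "https://site.example.com/p?scriptSrc=https://static.example.com/app.js",
  "https://site.example.com/p?scriptSrc=//other.example.net/x.js",
  "https://site.example.com/p?scriptSrc=https://static.example.com@other.example.net/x.js",
  "https://site.example.com/p?scriptSrc=https://static.example.com.other.example.net/x.js",
  "https://site.example.com/p?scriptSrc=javascript:void(0)",
];

// Summarize the decision for each URL (useful in a unit test or a log review).
function classify(urls) {
  return urls.map((u) => ({ url: u, allowed: resolveScriptSrc(u) !== null }));
}

console.log(classify(SAMPLE_PAGE_URLS));
```

Comparing the parsed `origin` exactly, instead of checking that the string starts with or contains a trusted hostname, is what defeats the look-alike hosts in the sample list.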

Despite being responsible for the security of millions of users, Wix hasn’t fixed this bug yet.

Unallocated Author

Please note that the article you are reading has an unallocated author, as the original author is no longer employed at latesthackingnews.com. This has been put in place to adhere to general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
