Wix.com -The website hosting provider which also provides free drag-and-drop website building tools is affected by n XSS vulnerability which was discovered recently. This XSS vulnerability is putting millions of websites and their users at risk of attack.
Wix hosts millions of websites with 87 million registered users all of which are currently vulnerable to an XSS bug which can be utilized by attackers to create worms capable of taking over administrator accounts. In short it gives the attackers full control over websites.
How Does This XSS Vulnerability Works?
Attackers can also use template and demos hosted on the main Wix.com domain to gain access to admin session cookies and resources. Once a session cookie has been stolen then the attackers can place the DOM XSS in an iframe to host malicious content on any website controlled by a single operator.
Despite being responsible for the security of millions of users, Wix hasn’t fixed this bug yet.
Latest posts by Unallocated Author (see all)
- The Digital Revolution: Ways to Drive Business Growth in the Private Education Sector - March 9, 2020
- Top Cybersecurity Trends In 2020 - February 20, 2020
- Microsoft Rolled Out Huge Patch Tuesday February With 99 Bug Fixes - February 14, 2020