(Reading time: 2 - 3 minutes)
Wix XSS Security Flaw Patched

Wix XSS Security Flaw Patched

  
Comments (0)
Wix patches XSS security flaw

Information

Last Updated
June 29, 2017
Company Name
Wix.com
Year Established
2006
Free Trial
14 Day Free Trial
Support Options
  • Email
  • FAQ
  • Forum
  • Livechat
  • Telephone
Websites Powered
87,000,000
Support Telephone (UK)
+1-415-639-9034

Online website builder Wix recently revealed a DOM XSS vulnerability which left its entire platform at risk of attack.

The XSS bug could be used by attackers to create a worm with the ability to take over an administrator account. This would give the perpetrator full access to the Wix website.

According to Matt Austin, Senior security research engineer at Contrast security Wix.com had a severe DOM XSS vulnerability that allowed an attacker complete control over any website hosted at Wix. Simply by adding a single parameter to any site created on Wix, the attacker could cause their JavaScript to be loaded and run as part of the target website.

If you want to know the gory details, then head on over to Matt's post at Contrast Security.

The flaw has since been patched, and Wix has put in place a bounty program to prevent further security issues of this type.

"We take the security of our customers very seriously. After a thorough examination we can state that the matter has been addressed," the company said in an email. "We do operate a formal bug bounty program and are taking steps to widen the community."

However, this issue confirms something that I already knew – Wix doesn't listen to their customers properly.

In this case, the researchers contacted Wix with the details of the vulnerability three weeks before making it public news without hearing anything back.

It's a modern day plague where a company grows so fast and so quickly that they can't keep up with all their communication channels.

The good news is that they managed to fix the problem quickly.

The bad news is that exploits like this exist and no doubt will happen again in the future.

Always take steps to make sure you backup your data. It's not sufficient to rely on your supplier and hope that you'll never need to use a backup. It's your data; you should back it up.

If the unthinkable did happen and an exploit like this made it into the wild, then it could take a whole cloud network down within hours. You'd lose access to your site and data.

Coming on the back of Weebly's belated announcement that its platform was hacked back in February and 43 million account details stolen and the spat between Wix and Wordpress it's not been a good week for online website builder companies.

Both companies values continue to rise though, and there is no sign of either star waning. Wix has doubled in value since January although it closed lower today at around $39 off its October 19th high of $46.

Wix.com Website Builder. Start Building Your Website Today!

User comments

There are no user comments for this listing.
Already have an account?
Comments

SEMRush SEO Tool

SEMrush

You Might Also Like...

How to find the perfect domain name
Last Updated: December 29, 2017
You've spent an eternity researching your eCommerce website idea, and everything is falling into place, except for one all important item: your domain name. That damn "whois" search box...
Wix v Weebly, Drag and drop website builders compared
Last Updated: June 29, 2017
Life is too short for endless comparisons. You want to build a website, and you want it made today. Forget about using one of the free...
The Website Promotion Technique That Will Light A Fire Under Your Ass!
Last Updated: June 30, 2017
"I'm getting too many orders." "We are running out of stock fast." "The servers are overloaded with traffic." All statements you would love to be able to say. All...
Build Your Blog Into A Marketing Monster – One Post At A Time
Last Updated: June 30, 2017
Have you ever sat down to write a blog post without any thought or preparation? Then you'll know how tough it can be to get started. ...
How to select the right colour scheme for your website
Last Updated: June 30, 2017
When I was 18, I applied to join the army and found out I was colour blind. Nothing dramatic. I found it difficult to distinguish between...

Custom Logos & Graphics - Super Fast Service - Enquire Today!

Search Storebuilder

Category:
Keywords:
Editor Rating: