Wix XSS Security Flaw Patched

Tony Cooper  
Last Updated: November 04, 2016

Online website builder Wix recently revealed a DOM XSS vulnerability which left its entire platform at risk of attack.

The XSS bug could be used by attackers to create a worm with the ability to take over an administrator account. This would give the perpetrator full access to the Wix website.

According to Matt Austin, senior security research engineer at Contrast Security, Wix.com had a severe DOM XSS vulnerability that allowed an attacker complete control over any website hosted at Wix. Simply by adding a single parameter to any site created on Wix, the attacker could cause their JavaScript to be loaded and run as part of the target website.
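The class of bug described above, where a URL parameter decides which JavaScript a page loads, shown from the defender's side as an added example (not code from the original post, from Contrast Security or from Wix). The parameter name `scriptBase` and every host name are hypothetical; the block contrasts the unsafe pattern and a naive prefix check with an origin allowlist.

```javascript
// Added example: "scriptBase" and all hosts below are hypothetical.
const DEFAULT_BASE = "https://static.example.com/app/";
const ALLOWED_ORIGINS = new Set(["https://static.example.com"]);
const param = (pageUrl) => new URL(pageUrl).searchParams.get("scriptBase");

// Unsafe: the query string alone decides where the page's script is fetched from.
function unsafeScriptUrl(pageUrl) {
  return (param(pageUrl) || DEFAULT_BASE) + "main.js";
}

// Naive fix: a string prefix check, which look-alike host names still pass.
function prefixCheckedScriptUrl(pageUrl) {
  const raw = param(pageUrl);
  const ok = raw !== null && raw.startsWith("https://static.example.com");
  return (ok ? raw : DEFAULT_BASE) + "main.js";
}

// Hardened: parse the value, compare the parsed origin with an allowlist,
// and fall back to the built-in default for anything else.
function safeScriptUrl(pageUrl) {
  const fallback = DEFAULT_BASE + "main.js";
  const raw = param(pageUrl);
  if (raw === null) return fallback;
  let candidate;
  try {
    candidate = new URL(raw, DEFAULT_BASE); // relative values resolve against the default
  } catch {
    return fallback; // unparseable value
  }
  if (candidate.protocol !== "https:" || !ALLOWED_ORIGINS.has(candidate.origin)) {
    return fallback;
  }
  const path = candidate.pathname.endsWith("/") ? candidate.pathname : candidate.pathname + "/";
  return candidate.origin + path + "main.js"; // query and fragment are dropped
}

// Constructed sample page URLs (not real traffic).
const SAMPLES = [
  "https://site.example/",
  "https://site.example/?scriptBase=https://static.example.com/v2",
  "https://site.example/?scriptBase=https://untrusted.test/",
  "https://site.example/?scriptBase=https://static.example.com.untrusted.test/",
  "https://site.example/?scriptBase=//untrusted.test/",
];
for (const url of SAMPLES) {
  console.log(url, "\n  unsafe:", unsafeScriptUrl(url),
    "\n  prefix:", prefixCheckedScriptUrl(url), "\n  safe:  ", safeScriptUrl(url));
}
```

On the server side, a Content-Security-Policy `script-src` directive restricted to the same origins gives a second layer if a check like this is ever bypassed.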

If you want to know the gory details then head on over to Matt's post at Contrast Security.

The flaw has since been patched and Wix have put in place a bounty program to prevent further security issues of this type.

"We take the security of our customers very seriously. After thorough examination we can state that the issue has been addressed," the company said in an email. "We do operate a formal bug bounty program and are taking steps to widen the community."

However, this issue confirms something that I already knew – Wix don't listen to their customers properly.

In this case, the researchers contacted Wix with the details of the vulnerability three weeks before making it public, without hearing anything back.

It's a modern-day plague where a company grows so fast that it can't keep up with all its communication channels.

The good news is that they managed to fix the problem quickly.

The bad news is that exploits like this exist and no doubt will again in the future.

Always take steps to make sure you back up your data. It's not good enough to rely on your supplier and hope that you'll never need to use a backup. It's your data, you should back it up.

If the unthinkable did happen and an exploit like this made it into the wild then it could take a whole cloud network down within hours. You'd lose access to your site and data.

Coming on the back of Weebly's belated announcement that its platform was hacked back in February, with 43 million account details stolen, and the spat between Wix and WordPress, it's not been a good week for online website builder companies.

Both companies' values continue to rise, though, and there is no sign of either star waning. Wix has doubled in value since January, although it closed lower today at around $39, off its October 19th high of $46.
