Wix XSS Security Flaw Patched


Tony Cooper  
Last Updated: May 11, 2017
Company Name: Wix.com
Year Established: 2006
Free Trial: 14 Day Free Trial
Support Options: Email, FAQ, Forum, Livechat, Telephone
Websites Powered: 87,000,000
Support Telephone (UK): +1-415-639-9034

Online website builder Wix recently revealed a DOM XSS vulnerability which left its entire platform at risk of attack.

The XSS bug could be used by attackers to create a worm with the ability to take over an administrator account. This would give the perpetrator full access to the Wix website.

According to Matt Austin, senior security research engineer at Contrast Security, Wix.com had a severe DOM XSS vulnerability that allowed an attacker complete control over any website hosted at Wix. Simply by adding a single parameter to any site created on Wix, the attacker could cause their JavaScript to be loaded and run as part of the target website.
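
A defensive sketch of the class of bug described above, added here as an illustration and not taken from Wix or Contrast Security: a page that takes a script location from a URL parameter, next to a version that only honors allowlisted origins. The parameter name `scriptBase`, the hosts and the function names are hypothetical, since this article does not name the real parameter.

```javascript
// Added example. "scriptBase", the hosts and the function names are
// hypothetical; all sample URLs used with this code are constructed.
const ALLOWED_SCRIPT_ORIGINS = new Set(["https://static.example-builder.test"]);
const DEFAULT_BASE = "https://static.example-builder.test/app/";

// Weak pattern: whatever the query string says becomes the location
// that the page loads its scripts from.
function unsafeScriptBase(pageUrl) {
  const value = new URL(pageUrl).searchParams.get("scriptBase");
  return value || DEFAULT_BASE;
}

// Hardened pattern: accept the override only if it parses as an absolute
// https URL whose origin is on the allowlist; otherwise use the default.
function safeScriptBase(pageUrl) {
  const value = new URL(pageUrl).searchParams.get("scriptBase");
  if (!value) return DEFAULT_BASE;
  let candidate;
  try {
    candidate = new URL(value); // throws on relative or malformed input
  } catch {
    return DEFAULT_BASE;
  }
  if (candidate.protocol !== "https:") return DEFAULT_BASE;
  // Reject userinfo tricks such as https://trusted-host@other-host/
  if (candidate.username || candidate.password) return DEFAULT_BASE;
  // Compare the parsed origin, never a substring or prefix of the raw text,
  // so lookalike hosts (trusted-host.other-host) do not pass.
  if (!ALLOWED_SCRIPT_ORIGINS.has(candidate.origin)) return DEFAULT_BASE;
  return candidate.href;
}
```

Comparing the parsed `origin` rather than matching text in the raw parameter is what stops lookalike hostnames and protocol-relative values from slipping through.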

If you want to know the gory details, then head on over to Matt's post at Contrast Security.

The flaw has since been patched, and Wix has put in place a bounty program to prevent further security issues of this type.

"We take the security of our customers very seriously. After a thorough examination we can state that the matter has been addressed," the company said in an email. "We do operate a formal bug bounty program and are taking steps to widen the community."

However, this issue confirms something that I already knew – Wix doesn't listen to their customers properly.

In this case, the researchers contacted Wix with the details of the vulnerability three weeks before making it public, and heard nothing back.

It's a modern-day plague where a company grows so fast that it can't keep up with all its communication channels.

The good news is that they managed to fix the problem quickly.

The bad news is that exploits like this exist and no doubt will happen again in the future.

Always take steps to make sure you back up your data. It's not sufficient to rely on your supplier and hope that you'll never need to use a backup. It's your data; you should back it up.

If the unthinkable did happen and an exploit like this made it into the wild, then it could take a whole cloud network down within hours. You'd lose access to your site and data.

Coming on the back of Weebly's belated announcement that its platform was hacked back in February, with 43 million account details stolen, and the spat between Wix and WordPress, it's not been a good week for online website builder companies.

Both companies' values continue to rise, though, and there is no sign of either star waning. Wix has doubled in value since January, although it closed lower today at around $39, off its October 19th high of $46.
