Wix.com Security Flaw Leaves Millions of Websites Vulnerable

Wix.com Security Flaw Leaves Millions of Websites Vulnerable

A XSS vulnerability discovered on the Wix.com platform has putt millions of websites and their users at risk of attack.

Wix.com, a website design platform that became popular for its drag and drop templates, has 87 million registered users and even more websites hosted on their platform, all of which are currently vulnerable to an XSS bug that can be utilized by attackers to create worms capable of taking over an administrator account.

Basically, by exploiting the vulnerability, someone can take full control over any website built on the platform.

Matt Austin, a security researcher from Contrast Security, wrote in a blog post that the Wix.com platform has a server DOM XSS vulnerability that can be altered by simply adding a single parameter to any site created on Wix.com. All an attacker would have to do is add a redirection command to any URL created on the platform to successfully take over.

Attackers could also use template demos, hosted on the Wix.com domain, to gain access to admin session cookies and resources. One a session cookie is stolen; an attacker can place the DOM XSS in an iframe that will then host malicious content on any website controlled by a single operator.

Austin said that he requested to for a security contact to disclose the issue, but Wix.com replied with, “We are investigating the matter and will follow up with you as soon as possible.”

Featured

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.