Universal Hijack Hole Turns DIY Wix Blogs Into Botnets

Accepted submission by Phoenix666 at 2016-11-03 10:28:22
Security

Millions of do-it-yourself websites built with the Wix web maker were at risk of hijack thanks to a brief zero-day DOM-based cross-site scripting vulnerability [theregister.co.uk].

Wix boasts some 87 million users, among them two million paying subscribers.

Contrast Security researcher Matt Austin (@mattaustin) dug up the flaw, which he rates as severe, and has attempted since October to get Wix to patch it under quiet private disclosure.

He says he heard nothing back from the web firm, other than an initial receipt of the disclosure on 14 October, despite three subsequent update requests.

Checks appear to confirm the holes have been quietly shuttered after Austin's public disclosure. Wix has been contacted for comment.

