Wix, the provider of a widely used cloud-based web development platform, appears to have had a significant bug on its hands that could have paved the way for a computer worm to do serious damage to websites around world.
The problem was related to an XSS (cross-site scripting) vulnerability that was found in websites built with Wix, according to Matt Austin, a researcher with Contrast Security.
Though Wix says it has fixed the issue, it illustrates how a few lines of bad code can potentially do widespread damage.
XSS vulnerabilities are common, and result from flaws in websites’ coding. Hackers can take advantage of them to trick users’ browsers into running malicious scripts that, for example, could download a computer virus or expose the internet cookies that are on their machines. Austin found the same kind of problem in websites from Wix, which builds websites and has 87 million users in Europe, Latin America, Asia.