A cross-site scripting vulnerability on a single website can divert unsuspecting users to malicious sites. When that same vulnerability exists across millions of websites, a worm can hop from site to site and compromise even more users.
Now, a worm can exploit the XSS flaw on website building platform Wix.com on the scale of the infamous MySpace worm, researchers from Contrast Security warned.
“If the MySpace worm is any guide, taking over all the millions of websites hosted at Wix wouldn’t take very long,” Contrast Security researcher Matt Austin said in his disclosure.
To read this article in full or to leave a comment, please click here