A DOM-based cross-site scripting vulnerability in the cloud-based development platform Wix.com put million websites at risk. The vulnerability could be exploited by attackers to gain full control over any website running on the popular platform. The flaw is still present as confirmed by Matt Austin, senior security research engineer with Contrast Security, who discovered the issue. He detailed two different attack scenarios, in one case a Wix website owner is lured by attackers into visiting a malicious URL loaded with a specially crafted JavaScript that can hijack the targets browser session.”]
Source: http://securityaffairs.co/wordpress/53022/hacking/wix-com-dom-xss.html