PT-2026-7835 · Wix · Wix

Published: 2026-02-12 · Updated: 2026-05-18 · CVE-2026-2276

CVSS v4.0: 5.3 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Wix (affected versions not specified)

Description: A Reflected Cross-Site Scripting (XSS) issue exists in the Wix web application. The vulnerability is located in the SVG image upload functionality at the "https://manage.wix.com/account/account-settings" endpoint, which does not adequately sanitize uploaded content. An authenticated attacker can upload a malicious SVG file containing embedded JavaScript code. This code is then stored and executed when other users view the image, potentially allowing arbitrary code execution in the victim's browser. This could result in the disclosure of sensitive information or session hijacking. The vulnerable parameter is the SVG file content itself.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
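
For teams that accept SVG uploads in their own applications, the class of check the description says is missing can be sketched as an allow-list validator. This is an added example, not Wix code or a vendor fix; the function name, the element allow-list and the sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Assumed allow-list of static drawing elements; extend deliberately, never by default.
ALLOWED_ELEMENTS = {
    "svg", "g", "path", "rect", "circle", "ellipse", "line", "polyline",
    "polygon", "title", "desc", "defs", "linearGradient", "radialGradient", "stop",
}
# Constructed sample uploads (not taken from the advisory).
SAMPLE_STATIC = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SAMPLE_ACTIVE = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="void 0">'
                 b'<script>void 0</script></svg>')

def _split(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def svg_violations(data: bytes) -> list:
    """Return the reasons an uploaded SVG should be rejected (empty list = accept)."""
    # DTDs and entities are refused before parsing: they can hide markup
    # from the checks below and drive entity-expansion attacks.
    if re.search(rb"<!\s*(DOCTYPE|ENTITY)", data, re.IGNORECASE):
        return ["DOCTYPE/ENTITY declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if _split(root.tag) != (SVG_NS, "svg"):
        problems.append("root element is not <svg> in the SVG namespace")
    for el in root.iter():
        ns, local = _split(el.tag)
        if ns != SVG_NS or local not in ALLOWED_ELEMENTS:
            problems.append(f"element <{local}> not allowed")
        for name, value in el.attrib.items():
            _, attr = _split(name)
            if attr.lower().startswith("on"):
                problems.append(f"event-handler attribute {attr}")
            elif attr == "href" and not value.strip().startswith("#"):
                problems.append(f"external or scripted href on <{local}>")
    return problems
```

Rejecting the upload on any violation is safer than trying to strip the offending nodes and store the remainder.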

XSS

Weakness Enumeration

Related Identifiers: CVE-2026-2276

Affected Products: Wix