www.Wix.com is a great site that easily allows people to create and host their own websites. It contains a very nice set of online site editors and tools. The last time I checked, Wix hosted 26,756,521 user-created websites and had over 25 million users. This is the only reason I deemed it very significant for them to fix the minor bugs I found.
As of now the two pretty significant XSS vulnerabilities I found on their main domain are fixed and all is well with the world :P These minor vulnerabilities are normally nothing to take too seriously, but in this particular case they allowed a malicious attacker to take over websites completely, and possibly another couple of thousand while he's at it. Of course, it would be ethically questionable and completely illegal to write a self-propagating XSS worm, so it remains without proof that this was in fact possible.
The first and less serious XSS vulnerability was a reflected one in the search bar of the site's support forum. This of course could be exploited in the regular way of sending a malicious URL to a particular known Wix user. Another more devious way would have been to include the malicious URL in an iframe on your page (I'm unsure as to whether this is possible within Wix's development tools). This would allow you to steal unaware Wix users' login sessions when they visited your site.
The second XSS vulnerability was a bit more serious, as there is no way for the affected victims to know the exact JavaScript you have run unless they are willing to disassemble an SWF file. On your profile you could embed a malicious SWF file from a remote location; this could run whatever JavaScript you please and most will be none the wiser. Using JavaScript it is possible to read any CSRF tokens, so along with stealing users' logged-in sessions, you could have made a worm that posts the same SWF into other users' profiles. This would result in a worm that spreads across the Wix platform, potentially affecting millions of users.
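Both bugs above come down to the same two server-side mistakes: reflecting a query string into HTML without encoding it, and letting a profile embed media from any remote origin. The example below is added here and is not Wix's code or the author's; the search page, the `.swf` embed field and the `static.example.com` allowlist are constructed stand-ins. It shows the reflected-output pattern next to its escaped form, and an allowlist check for embed URLs that rejects scheme downgrades, off-list hosts and `user@host` tricks in the authority part.

```python
"""Added example (not from the original post): generic hardening for a
reflected search parameter and a user-supplied embed URL.

Everything here is hypothetical: the page names, the allowlist host and the
inputs are constructed for illustration and do not describe Wix's real code.
"""
import html
from urllib.parse import urlsplit

# Constructed allowlist: the only origin from which profile pages may embed an SWF.
ALLOWED_EMBED_HOSTS = {"static.example.com"}


def render_search_unsafe(query: str) -> str:
    """The reflected-XSS pattern: the raw query string is concatenated into the
    response, so any markup in the query is parsed by the browser as markup."""
    return f"<p>Results for: {query}</p>"


def render_search_safe(query: str) -> str:
    """Same page, but the query is HTML-escaped first. html.escape turns
    <, >, &, \" and ' into entities, so the browser shows the query as text."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def embed_url_allowed(url: str) -> bool:
    """Accept a user-supplied embed URL only if it is https, points at an
    allowlisted host and names an .swf resource.

    urlsplit().hostname is the host after any user:pass@ prefix and is
    lowercased, so 'https://static.example.com@attacker.example/x.swf'
    resolves to attacker.example and is rejected.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    if parts.hostname not in ALLOWED_EMBED_HOSTS:
        return False
    if not parts.path.lower().endswith(".swf"):
        return False
    return True


if __name__ == "__main__":
    # Constructed, harmless input: plain markup, to show the difference in handling.
    q = "<b>wix</b>"
    print(render_search_unsafe(q))   # markup survives: browser renders bold text
    print(render_search_safe(q))     # markup is entity-encoded: shown literally
    for u in ("https://static.example.com/players/clip.swf",
              "http://static.example.com/players/clip.swf",
              "https://static.example.com@attacker.example/clip.swf",
              "https://cdn.other.example/clip.swf"):
        print(embed_url_allowed(u), u)
```

Escaping at the point where the value is written into HTML, rather than filtering the input, is what closes the first bug regardless of what the query contains; the allowlist addresses the second by refusing to load active content from origins the site does not control.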
It may have taken a little bit of persistence when reporting the vulnerabilities, but they promptly fixed the bugs and thanked me, for which I am of course grateful!
Hax Brah!