A persistent cross-site scripting (XSS) vulnerability that affects HostGator India (hostgator.co.in) can, according to security researcher Aarshit Mittal, potentially expose over 1 million websites to which the company provides hosting services.
Mittal started researching HostGator India’s security after being notified by another expert, Manjot Gill, about the presence of an XSS vulnerability on one of the company’s subdomains.
After further investigating the issue, Mittal has found that a persistent XSS issue is affecting all the 64,000 HostGator subdomains and all the .in domains hosted with HostGator India.
“Each and every website hosted with Hostgator.co.in and IndiaGetOnline is vulnerable to this vulnerability,” the expert explained on cyber-n.com.
The researcher claims to have contacted HostGator about this issue, but received no response. I’ve also sent an email to the company to see if they plan on doing anything to address this security hole and I’ll update this post if they reply.