XSS (Cross-Site Scripting) vulnerability hits twitter.com.
The flaw used a simple JavaScript onMouseOver handler, which fires an event when the mouse passes over an area of text. The user was then redirected to a third-party site without the user's consent.
Twitter’s @safety account tweeted Tuesday morning, “We’ve identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit.”
As of 10:00 AM EST, Twitter issued this statement: “This should now be fully patched and is no longer exploitable.”
Mashable estimates that the security flaw “has been widely exploited on thousands of Twitter accounts.” TechCrunch reports the onMouseover exploit may have spread to as many as 40,000 tweets in just 10 minutes.
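The onMouseOver injection described above, shown as an added example (not Twitter's code and not part of the original post): a linkifier that pastes user text into an attribute unescaped, its output-encoded counterpart, and a regression check that lists inline event handlers in the rendered HTML. The rendering path, the function names and the sample tweet are assumptions made for illustration.

```javascript
// Added illustration; renderNaive, renderSafe and inlineHandlers are hypothetical names.
const URL_RE = /https?:\/\/\S+/g;

// Encode every character that can end an attribute value or open a tag.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Vulnerable pattern (assumed): user text is pasted into href unescaped.
function renderNaive(text) {
  return text.replace(URL_RE, (u) => `<a href="${u}">${u}</a>`);
}

// Hardened: everything from the user is encoded for its HTML context.
function renderSafe(text) {
  let out = "";
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    const u = escapeHtml(m[0]);
    out += escapeHtml(text.slice(last, m.index)) + `<a href="${u}">${u}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Regression check: list on* attributes a browser would see on any tag.
function inlineHandlers(html) {
  const found = [];
  for (const tag of html.match(/<[a-z][^>]*>/gi) || []) {
    const attrRe = /([^\s"'=<>\/]+)\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+)/g;
    const body = tag.replace(/^<[a-z][a-z0-9]*/i, "");
    for (const a of body.matchAll(attrRe)) {
      if (/^on/i.test(a[1])) found.push(a[1].toLowerCase());
    }
  }
  return found;
}

// Constructed sample: a quote inside the "URL" closes href early.
const SAMPLE = 'look http://a.example/@"onmouseover="void(0)"/';
console.log(inlineHandlers(renderNaive(SAMPLE))); // [ 'onmouseover' ]
console.log(inlineHandlers(renderSafe(SAMPLE)));  // []
```

Running `inlineHandlers` over rendered user content in a test suite catches this class of regression before it ships.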
Have you seen it? How has it affected you? Let us know below.




