Cross-Site Scripting (XSS) Caused "onMouseOver" Incident on Twitter

On Twitter's newly redesigned site, a previously patched security hole resurfaced, and the majority of exploits related to this incident fell under the prank or promotional categories. "A user noticed the security hole and took advantage of it on Twitter.com. First, someone created an account that exploited the issue by turning tweets different colors and causing a pop-up box with text to appear when someone hovered over the link in the Tweet. This is why folks are referring to this as an "onMouseOver" flaw -- the exploit occurred when someone moused over a link.

In this case, users submitted JavaScript code as plain text into a Tweet that could be executed in the browser of another user," explains Twitter.

Although the exploits seen so far are mostly harmless, this hole can easily be used to redirect Twitter users to sites containing malware. Twitter claims to have now fully patched the cross-site scripting hole.
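
As an added illustration (not Twitter's code and not part of the original article), the sketch below shows how tweet text pasted unescaped into a link's `href` attribute can pick up an `onmouseover` handler, next to a renderer that escapes for the HTML context. The auto-linker, its function names and the sample tweet are assumptions constructed for this example.

```javascript
// Added example: a simplified tweet auto-linker (hypothetical, not Twitter's code).
// Tweet text is untrusted input that ends up inside an HTML attribute.
const URL_RE = /https?:\/\/\S+/g;

// Escape the characters that can end a text node or a quoted attribute value.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Vulnerable: the matched URL is pasted into href="..." unescaped, so a double
// quote in the tweet closes the attribute and what follows becomes new attributes.
function renderTweetVulnerable(text) {
  return text.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Hardened: escape every plain-text segment and every URL before it reaches HTML.
function renderTweetSafe(text) {
  let out = "";
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const url = escapeHtml(m[0]);
    out += `<a href="${url}" rel="nofollow noopener">${url}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Coarse regression check for renderer tests: does any tag in the rendered
// markup carry an inline event-handler attribute (on...=)?
function hasInlineHandler(html) {
  return /<[^>]*["'\s]on\w+\s*=/i.test(html);
}

// Constructed sample tweet: a quote inside the "URL" tries to add a hover handler.
const sampleTweet = 'look http://example.test/"onmouseover="alert(1)';

console.log(hasInlineHandler(renderTweetVulnerable(sampleTweet)));
console.log(hasInlineHandler(renderTweetSafe(sampleTweet)));
```

Escaping at output time is the primary fix; a Content-Security-Policy that disallows inline event handlers limits the damage if an escaping bug resurfaces, as it did here after a redesign.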
