On Twitter’s newly redesigned site, an old patched security hole resurfaced, and the majority related to this incident fell under the prank or promotional categories. “A user noticed the security hole and took advantage of it on Twitter.com. First, someone created an account that exploited the issue by turning tweets different colors and causing a pop-up box with text to appear when someone hovered over the link in the Tweet. This’s why folks are referring to this an “onMouseOver” flaw — the exploit occurred when someone moused over a link.
Though the current exploits are still mostly harmless in nature, this hole can easily be used to redirect Twitter users to sites containing malware. Twitter claimed to have fully patched the cross-site scripting exploit now.