Twitter announced that it has fixed a cross-site scripting (XSS) flaw. The vulnerability allowed several XSS worms to spread among users on Tuesday.

"We've identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit," read an update by Twitter shortly before the situation was corrected.

The exploit stemmed from Twitter failing to neutralize JavaScript code embedded in user input. This allowed malicious tweets to be created that were activated when a user's mouse hovered over them, sending the tweets on to more users and in many cases linking to porn sites.
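The article does not show Twitter's code or the worm's payload. The added example below, which is not from Twitter or the original article, assumes a hypothetical renderer that auto-links URLs in a tweet and shows how unescaped input becomes a hover handler, next to a version that escapes it. The function names, the sample tweet and the `example.test` URL are constructed for illustration.

```javascript
// Added example: a hypothetical tweet renderer, not Twitter's code.
const URL_RE = /https?:\/\/[^\s<>]+/g; // only http(s) links are auto-linked

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
// Neutralize the characters that can end a text node or a quoted attribute.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Before: user text goes into markup as-is, so a quote in a "URL" closes
// href and whatever follows is parsed as further attributes.
function renderUnsafe(text) {
  return text.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// After: every piece of user input is escaped for the context it lands in.
function renderSafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    const url = escapeHtml(m[0]);
    out += escapeHtml(text.slice(last, m.index));
    out += `<a href="${url}" rel="nofollow noopener">${url}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Test aid (not a full HTML parser): names of on* attributes on any tag.
function eventHandlerAttrs(html) {
  const found = [];
  const TAG = /<[a-zA-Z][^\s>]*((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;
  const ATTR = /([^\s"'=\/]+)\s*(?:=\s*(?:"[^"]*"|'[^']*'|[^\s"']+))?/g;
  for (const tag of html.matchAll(TAG)) {
    for (const attr of tag[1].matchAll(ATTR)) {
      if (/^on/i.test(attr[1])) found.push(attr[1].toLowerCase());
    }
  }
  return found;
}

// Constructed input: the handler body is an inert placeholder.
const SAMPLE = 'look http://example.test/"onmouseover="void(0)';
console.log(eventHandlerAttrs(renderUnsafe(SAMPLE)));
console.log(eventHandlerAttrs(renderSafe(SAMPLE)));
```

The `eventHandlerAttrs` check can double as a regression test for any renderer that emits user-supplied text into HTML.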

Source: Information Week