Twitter Vulnerability Exposed

Posted by admin on Mar 21st, 2009 and filed under INTERNET.

Twitter is affected by a serious cross-site scripting (XSS) vulnerability that could allow an attacker to hijack users' accounts or, combined with other exploit code, compromise their computers, according to Information Week.

Proof-of-concept exploit code has been posted by Secure Science researchers Lance James and Eric Wastl. They say that Twitter has been notified but has not yet responded to them.

 


The proof-of-concept page gives anyone who clicks the link a choice of whether or not they want to be exploited. Those who accept trigger the exploit, which posts the message "I just got owned!" to the Twitter XSSExploits account.

Twitter did not immediately respond to a request for comment.

"The vulnerability is still active," said Wastl. "Basically, we produce a link and if a Twitter user clicks on it, it allows us to hijack their accounts."

XSS vulnerabilities allow attackers to inject malicious content, including HTML and client-side scripts, into Web pages that other users view. They can be used to bypass access controls, steal information, and conduct phishing attacks.
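The root cause of an XSS bug like the one described is that user-supplied text is written into a page without being encoded for the context it lands in. The following added example (not code from the article, Twitter, or the Secure Science researchers) models a web application that renders a status message into HTML, first without encoding and then with HTML output encoding applied; the sample message and the `renderStatus*` / `escapeHtml` function names are assumptions constructed for the illustration.

```javascript
// Added example (not from the article): why a stored/reflected XSS happens and
// how output encoding stops it. Models a web app rendering a user's status
// message into an HTML page. Function names and sample input are constructed.

// Vulnerable rendering: the user's text is concatenated straight into the page,
// so any markup or script in it becomes part of the document the browser runs.
function renderStatusUnsafe(username, message) {
  return `<div class="status"><b>${username}</b>: ${message}</div>`;
}

// HTML-encode the five characters that can break out of an HTML text context.
function escapeHtml(text) {
  const map = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#39;",
  };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened rendering: every untrusted value is encoded before insertion, so the
// browser displays it as literal text instead of interpreting it as markup.
function renderStatusSafe(username, message) {
  return `<div class="status"><b>${escapeHtml(username)}</b>: ${escapeHtml(message)}</div>`;
}

// Simple check used to compare the two outputs: does the produced HTML still
// contain a live <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: the classic textbook probe string, not a real
// payload from the Twitter incident.
const CONSTRUCTED_MESSAGE = 'hello <script>alert("xss")</script>';

// Stand-alone demonstration.
console.log("unsafe:", renderStatusUnsafe("alice", CONSTRUCTED_MESSAGE));
console.log("safe:  ", renderStatusSafe("alice", CONSTRUCTED_MESSAGE));
console.log("unsafe output contains script tag:", containsScriptTag(renderStatusUnsafe("alice", CONSTRUCTED_MESSAGE)));
console.log("safe output contains script tag:  ", containsScriptTag(renderStatusSafe("alice", CONSTRUCTED_MESSAGE)));
```

Note that `escapeHtml` is only correct for the HTML text and quoted-attribute contexts; values inserted into JavaScript, URLs, or CSS need the encoding rules of that context, which is why templating engines that encode automatically per context, together with a Content-Security-Policy header, are the usual defence in depth rather than hand-written escaping at each call site.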
