Google says the problem was fixed within only two hours of being reported, according to the BBC.
“We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com,” a spokesperson said.
“Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours.
“The thing with a cross-site scripting attack is that it will appear that it is a message being posted by that website, which gives it a certain legitimacy, Graham Cluley of security firm Sophos told BBC News.
“It could be used to show a message that tells you to update your password; it could link to a malicious website; or it could attempt to phish you.”