"Our team responded quickly and we have eliminated most of the spam caused by this attack," the statement said. "We are now working to improve our systems to better defend against similar attacks in the future."
According to Facebook, no user data or accounts were compromised during the attack.
Facebook said it built enforcement mechanisms to quickly shut down the malicious pages and accounts that attempt to exploit the vulnerability.
"Protecting the people who use Facebook from spam and malicious content is a top priority for us," Facebook said.
Meantime, Facebook warned users to never cut and paste unknown code into a browser's address bar, and to always use an up-to-date browser, as well as to flag and report any suspicious content.