CVE-2020-35774
Severity: MEDIUM | Tags: NUCLEI
Twitter TwitterServer < 20.12.0 - Cross-Site Scripting via /histograms Endpoint
Title source: llm
Exploitation Summary
CVE-2020-35774 has a Nuclei detection template available; see the Nuclei Templates section below.
Description
server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint.
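The two checks a practitioner wants from this description, written here as an added example that is not code from this page or from the twitter-server project: a version test against the 20.12.0 fix boundary, and a response classifier that distinguishes a query value reflected with its HTML metacharacters encoded (what a fixed handler does) from one echoed with them intact (the behaviour the CVE describes). The query parameter name `h`, the admin base URL, the canary string and the three sample response bodies are assumptions constructed for the example; the CVE text names only the /histograms path.

```python
"""
Triage helpers for CVE-2020-35774: is a twitter-server build in the affected
range, and does its /histograms endpoint reflect a query value unescaped?
Added example for this page; not twitter-server project code.
"""
import re
import urllib.request
from typing import Callable, Optional, Set
from urllib.parse import urlencode

FIXED_VERSION = (20, 12, 0)  # first release with the HistogramQueryHandler fix


def parse_version(version: str) -> tuple:
    """Turn a release string such as '20.10.0' into a comparable int tuple, padded to 3 parts."""
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised twitter-server version: {version!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))


def is_affected_version(version: str) -> bool:
    """True for any release before 20.12.0 (the advisory's affected range)."""
    return parse_version(version) < FIXED_VERSION


# Harmless canary: a recognisable prefix and suffix around the four HTML
# metacharacters whose survival in the response is what we care about.
# No script tag, no payload.
CANARY_PREFIX = "cve35774"
CANARY_META = "<\"'>"
CANARY_SUFFIX = "probe"
CANARY = CANARY_PREFIX + CANARY_META + CANARY_SUFFIX


def build_probe_url(base_url: str, param: str) -> str:
    """Probe URL for the /histograms endpoint named by the CVE.

    ASSUMPTION: `param` is the query parameter whose value the handler echoes
    into HTML; the CVE text names only the path, not the parameter.
    """
    return f"{base_url.rstrip('/')}/histograms?" + urlencode({param: CANARY})


def raw_metachars(body: str) -> Optional[Set[str]]:
    """Canary metacharacters that came back unencoded, or None if the canary is absent.

    Matching on prefix ... suffix rather than the exact canary means any
    escaping scheme (&lt;, &#60;, &#x3c; ...) is recognised as reflected-but-escaped.
    """
    pattern = re.escape(CANARY_PREFIX) + r"(.{0,60}?)" + re.escape(CANARY_SUFFIX)
    m = re.search(pattern, body)
    if m is None:
        return None
    return {c for c in CANARY_META if c in m.group(1)}


def classify_reflection(body: str) -> str:
    """'unescaped' (markup injectable), 'escaped' (reflected but neutralised) or 'absent'."""
    raw = raw_metachars(body)
    if raw is None:
        return "absent"
    if "<" in raw or ">" in raw:
        return "unescaped"  # consistent with the pre-20.12.0 behaviour
    return "escaped"        # consistent with a handler that encodes its output


def _live_fetch(url: str) -> str:
    """Default fetcher for a real host; only used when no fetcher is injected."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")


def probe(base_url: str, param: str, fetch: Callable[[str], str] = _live_fetch) -> str:
    """Fetch the probe URL (fetch is injectable so this runs offline) and classify the body."""
    return classify_reflection(fetch(build_probe_url(base_url, param)))


# Constructed sample responses standing in for a pre-fix, a fixed and a
# non-reflecting server; they are not captured from real twitter-server instances.
VULNERABLE_BODY = "<html><body><h2>Histogram: cve35774<\"'>probe</h2></body></html>"
PATCHED_BODY = "<html><body><h2>Histogram: cve35774&lt;&quot;&#x27;&gt;probe</h2></body></html>"
ABSENT_BODY = "<html><body><p>Unknown histogram</p></body></html>"

if __name__ == "__main__":
    for version in ("20.10.0", "20.12.0"):
        print(f"{version}: {'affected' if is_affected_version(version) else 'not affected'}")
    for name, body in [("vulnerable", VULNERABLE_BODY), ("patched", PATCHED_BODY), ("absent", ABSENT_BODY)]:
        # 'h' is the assumed parameter name (see build_probe_url); the sample
        # fetcher ignores the URL and returns the constructed body.
        print(f"{name}: {probe('http://127.0.0.1:9990', 'h', fetch=lambda _url, b=body: b)}")
```

Run the live fetcher only against hosts you are authorised to test. The canary carries no payload, so "unescaped" means markup survives the handler, not that a particular exploit fires; pass a fetcher explicitly to classify captured responses offline.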
Nuclei Templates (1)
twitter-server Cross-Site Scripting
MEDIUM, by pikpikcu
References (3)
Patch, Third Party Advisory (x_refsource_misc): https://github.com/twitter/twitter-server/commit/e0aeb87e89a6e6c711214ee2de0dd9f6e5f9cb6c
Patch, Third Party Advisory (x_refsource_misc): https://github.com/twitter/twitter-server/compare/twitter-server-20.10.0...twitter-server-20.12.0
Third Party Advisory (x_refsource_misc): https://advisory.checkmarx.net/advisory/CX-2020-4287
Scores
CVSS v3: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
EPSS: 0.8744 (percentile 99.7%)
Attack Vector: NETWORK
Details
CWE: CWE-79
Status: published
Products (2)
com.twitter/twitter-server_2.12 (Maven): 0 up to, but not including, 20.12.0
twitter/twitter-server: < 20.12.0
Published: Dec 29, 2020
Tracked Since: Feb 18, 2026