cbcvebase.
CVE-2020-35774
published 2020-12-29

CVE-2020-35774: server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms…

Priority: P3 · 56 · medium · 5.4 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N

Exploit
EPSS: 87.62% (99.7th percentile)
server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint.

Affected

1 range

Vendor    Product          Version range   Fixed in
twitter   twitter-server   < 20.12.0       20.12.0

Detection & IOCs (extracted from sources)

url:  /admin/histograms?h=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&fmt=plot_cdf&log_scale=true
path: /admin/histograms
path: server/handler/HistogramQueryHandler.scala
  • GET request to /admin/histograms with XSS payload in the 'h' parameter; response body contains unescaped 'alert(document.domain)' and Content-Type header is text/html with HTTP 200.
  • Confirm exploitation by checking that the response body reflects 'alert(document.domain)' unencoded, the Content-Type header is 'text/html', and the HTTP status code is 200.
  • Vulnerable component is the twitter-server administration panel histograms handler; look for unsanitized reflection of the 'h' query parameter in HTML responses from the /admin/histograms endpoint.
  • The XSS is only exploitable 'in some configurations'; not all deployments of twitter-server before 20.12.0 are affected.
  • The vulnerability requires an authenticated (low-privilege) user and user interaction (UI:R), limiting opportunistic exploitation.

CVSS provenance

NVD · v3.1 · 5.4 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
NVD · v2.0 · 3.5 LOW · AV:N/AC:M/Au:S/C:N/I:P/A:N