CVE-2020-35774
Published: 2020-12-29
Priority: P3 (56) · Severity: medium · CVSS 3.1 base score: 5.4
Vector: AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
Exploit
EPSS: 87.62% (99.7th percentile)
server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint.
Affected (1 range)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| Twitter | twitter-server | < 20.12.0 | 20.12.0 |
Detection & IOCs (extracted from sources)

URL: `/admin/histograms?h=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&fmt=plot_cdf&log_scale=true`

- GET request to /admin/histograms with an XSS payload in the `h` parameter; the response body contains unescaped `alert(document.domain)`, the Content-Type header is `text/html`, and the HTTP status is 200.
- Confirm exploitation by checking that the response body reflects `alert(document.domain)` unencoded, the Content-Type header is `text/html`, and the HTTP status code is 200.
- The vulnerable component is the twitter-server administration panel histograms handler; look for unsanitized reflection of the `h` query parameter in HTML responses from the /admin/histograms endpoint.
- The XSS is only exploitable "in some configurations"; not all deployments of twitter-server before 20.12.0 are affected.
- The vulnerability requires an authenticated (low-privilege) user and user interaction (UI:R), limiting opportunistic exploitation.
CVSS provenance

- NVD v3.1: 5.4 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
- NVD v2.0: 3.5 LOW (AV:N/AC:M/Au:S/C:N/I:P/A:N)
GHSA (2022-02-09)

CVE-2020-35774 [MEDIUM] CWE-79: TwitterServer Cross-site Scripting via /histograms endpoint

server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint.
OSV (2022-02-09)

CVE-2020-35774 [MEDIUM]: TwitterServer Cross-site Scripting via /histograms endpoint

server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint.
No detection rules found.
Nuclei (CVSS 5.4)

CVE-2020-35774 [MEDIUM]: twitter-server Cross-Site Scripting

twitter-server before 20.12.0 is vulnerable to cross-site scripting in some configurations. The vulnerability exists in the administration panel of twitter-server in the histograms component via server/handler/HistogramQueryHandler.scala.
Template:

```yaml
id: CVE-2020-35774
info:
  name: twitter-server Cross-Site Scripting
  author: pikpikcu
  severity: medium
  description: |
    twitter-server before 20.12.0 is vulnerable to cross-site scripting in some configurations. The vulnerability exists in the administration panel of twitter-server in the histograms component via server/handler/HistogramQueryHandler.scala.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potenti
```

References:

- https://advisory.checkmarx.net/advisory/CX-2020-4287
- https://github.com/twitter/twitter-server/commit/e0aeb87e89a6e6c711214ee2de0dd9f6e5f9cb6c
- https://github.com/twitter/twitter-server/compare/twitter-server-20.10.0...twitter-server-20.12.0