Vulnerabilities > Twitter

DATE | CVE | VULNERABILITY TITLE | RISK

2023-04-03 | CVE-2023-29218 | Unspecified vulnerability in Twitter Recommendation Algorithm 20230331 | 7.5
The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited in the wild in March and April 2023.
Tags: network, low complexity, twitter

2020-12-29 | CVE-2020-35774 | Cross-site Scripting vulnerability in Twitter Twitter-Server | 3.5
server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint.
Tags: network, twitter, CWE-79

2020-01-23 | CVE-2020-5217 | Injection vulnerability in Twitter Secure Headers | 5.0
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0.
Tags: network, low complexity, twitter, CWE-74

2020-01-23 | CVE-2020-5216 | Injection vulnerability in Twitter Secure Headers | 5.0
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0.
Tags: network, low complexity, twitter, CWE-74

2019-10-07 | CVE-2019-16263 | Improper Certificate Validation vulnerability in Twitter KIT | 5.8
The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate.
Tags: network, twitter, CWE-295

2019-05-06 | CVE-2019-5431 | Insufficient Verification of Data Authenticity vulnerability in Twitter KIT | 5.5
This vulnerability was caused by an incomplete fix to CVE-2017-0911.
Tags: network, low complexity, twitter, CWE-345

2018-02-09 | CVE-2017-0911 | Improper Authentication vulnerability in Twitter KIT | 5.5
Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials.
Tags: network, low complexity, twitter, CWE-287

2017-09-18 | CVE-2016-10511 | Improper Certificate Validation vulnerability in Twitter 6.62/6.62.1 | 4.3
The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features.
Tags: network, twitter, CWE-295

2014-09-30 | CVE-2014-6838 | Cryptographic Issues vulnerability in Twitter Groupama Toujours LA 1.3.0 | 5.4
The Groupama toujours la (aka com.groupama.toujoursla) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.