Vulnerabilities > Twitter
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-03 | CVE-2023-29218 | Unspecified vulnerability in Twitter Recommendation Algorithm 20230331 The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited in the wild in March and April 2023. | 7.5 |
| 2020-12-29 | CVE-2020-35774 | Cross-site Scripting vulnerability in Twitter Twitter-Server server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint. | 3.5 |
| 2020-01-23 | CVE-2020-5217 | Injection vulnerability in Twitter Secure Headers In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. | 5.0 |
| 2020-01-23 | CVE-2020-5216 | Injection vulnerability in Twitter Secure Headers In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. | 5.0 |
| 2019-10-07 | CVE-2019-16263 | Improper Certificate Validation vulnerability in Twitter KIT The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. | 5.8 |
| 2019-05-06 | CVE-2019-5431 | Insufficient Verification of Data Authenticity vulnerability in Twitter KIT This vulnerability was caused by an incomplete fix to CVE-2017-0911. | 5.5 |
| 2018-02-09 | CVE-2017-0911 | Improper Authentication vulnerability in Twitter KIT Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. | 5.5 |
| 2017-09-18 | CVE-2016-10511 | Improper Certificate Validation vulnerability in Twitter 6.62/6.62.1 The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features. | 4.3 |
| 2014-09-30 | CVE-2014-6838 | Cryptographic Issues vulnerability in Twitter Groupama Toujours LA 1.3.0 The Groupama toujours la (aka com.groupama.toujoursla) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |