Vulnerabilities > Twitter > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-29 | CVE-2020-35774 | Cross-site Scripting vulnerability in Twitter Twitter-Server: server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint. | 5.4 |
2020-01-23 | CVE-2020-5217 | Injection vulnerability in Twitter Secure Headers: In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. | 5.8 |
2020-01-23 | CVE-2020-5216 | Injection vulnerability in Twitter Secure Headers: In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. | 5.8 |
2019-05-06 | CVE-2019-5431 | Insufficient Verification of Data Authenticity vulnerability in Twitter KIT: This vulnerability was caused by an incomplete fix to CVE-2017-0911. | 5.4 |
2018-02-09 | CVE-2017-0911 | Improper Authentication vulnerability in Twitter KIT: Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. | 5.4 |
2017-09-18 | CVE-2016-10511 | Improper Certificate Validation vulnerability in Twitter 6.62/6.62.1: The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features. | 5.9 |