CVE-2020-35774
Twitter TwitterServer (twitter-server) prior to version 20.12.0 is vulnerable to cross-site scripting via the /histograms endpoint, in configurations using HistogramQueryHandler.scala. The issue arises in the histograms component of the administration panel and could allow an attacker to inject m...