Missing file type check in Nextcloud Contacts 3.4.0 allows malicious upload of SVG files as PNG for XSS
Title | Published | Family |
---|---|---|
Nextcloud Contacts Cross-Site Scripting Vulnerability (CNVD-2021-03031) | 7 Jan 2021 00:00 | cnvd |
CVE-2020-8280 | 6 Jan 2021 20:59 | cvelist |
CVE-2020-8280 | 6 Jan 2021 21:15 | nvd |
XSS through image upload on contacts using svg file with png extension (NC-SA-2020-044) | 20 Oct 2020 00:00 | nextcloud |
Nextcloud: XSS through image upload of contacts using svg file with png extension | 5 Oct 2020 14:20 | hackerone |
CVE-2020-8280 | 6 Jan 2021 21:15 | osv |
Cross site scripting | 6 Jan 2021 21:15 | prion |
```json
[
  {
    "product": "Nextcloud Contacts",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in 3.4.1"
      }
    ]
  }
]
```
Source | Link |
---|---|
nextcloud | www.nextcloud.com/security/advisory/ |
hackerone | www.hackerone.com/reports/998422 |