AI Score
Confidence
High
EPSS
Percentile
22.7%
A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars.
hackerone.com/reports/808287%2C
nextcloud.com/security/advisory/?id=NC-SA-2020-024