Lucene search
GoogleOSV:CVE-2021-39221HistoryOct 25, 2021 - 7:15 p.m.
CVE-2021-39221
2021-10-2519:15:09
Google
osv.dev
4
nextcloud
contacts
xss
vulnerability
cross-site scripting
content-security-policy
upgrade
modern browsers
workaround
browser support
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Contacts application is upgraded to 4.0.3. As a workaround, one may use a browser that has support for Content-Security-Policy.
Related
cve
cve
CVE-2021-39221
2021-10-25 19:15:09
prion
prion
Cross site scripting
2021-10-25 19:15:00
nvd
nvd
CVE-2021-39221
2021-10-25 19:15:09
cnvd
cnvd
Nextcloud Contacts Cross-Site Scripting Vulnerability
2021-10-28 00:00:00
nextcloud
nextcloud
XSS in Contacts
2021-10-25 11:00:04
cvelist
cvelist
CVE-2021-39221 XSS in Contacts
2021-10-25 19:05:10