33 matches found
CVE-2026-30290
An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
CVE-2025-66554
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked ...
EUVD-2025-201461
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked ...
CVE-2025-66554 Nextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked ...
Stored XSS in contacts app via organisation and title field
PT-2025-49300
Name of the Vulnerable Software and Affected Versions: Nextcloud Contacts app versions prior to 5.5.4; Nextcloud Contacts app versions prior to 6.0.6; Nextcloud Contacts app versions prior to 7.2.5. Description: A malicious user could modify the organisation and title fields to load additional CSS...
EUVD-2023-25533
Malicious code in bioql PyPI...
Nextcloud: Stored XSS in contacts app via organisation and title field
A stored XSS vulnerability was discovered in the contacts app of the software. The vulnerability could be triggered by inputting malicious code in the organization or title field...
CVE-2023-21436
Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows an attacker to get the account ID...
CVE-2023-33182
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is converted to a JavaScript blob in memory data that the Avatar can't render. Due to this constellation the missing sanitization does not seem to be exploitable. It i...
MAL-2025-2730 Malicious code in webhooks-contacts-app (npm)
Source: ghsa-malware 823e5cf1e6fd5a930dbd702f998d1d88ae58e255f62e920b0262615ac2efdbbf. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in webhooks-contacts-app (npm)
Source: ghsa-malware 823e5cf1e6fd5a930dbd702f998d1d88ae58e255f62e920b0262615ac2efdbbf. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-34674
Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles...
CVE-2024-21734
SAP Marketing Contacts App - version 160 allows an attacker with low privileges to trick a user into opening a malicious page, which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application...
Design/Logic Flaw
SAP Marketing Contacts App - version 160 allows an attacker with low privileges to trick a user into opening a malicious page, which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application...
CVE-2024-21734
The CVE-2024-21734 entry concerns SAP Marketing (Contacts App) version 160. A URL redirection vulnerability could allow a low-privilege attacker to trick a user into opening a malicious page, enabling a credible phishing attack with low impact on confidentiality and integrity. Documented impact i...
PT-2024-1554 · Sap · Sap Marketing
Name of the Vulnerable Software and Affected Versions: SAP Marketing Contacts App version 160 Description: The issue is related to a URL redirection vulnerability in the Contacts App component of the SAP Marketing system, which can be exploited by a remote attacker to conduct a phishing attack...
PT-2023-28424 · Contacts · Contacts
Name of the Vulnerable Software and Affected Versions: Contacts versions prior to SMR Dec-2023 Release 1 Description: The issue is related to the improper usage of implicit intent in Contacts, which allows an attacker to obtain sensitive information. Recommendations: For versions prior to SMR...