35 matches found
ROS-20260129-73-0050
Vulnerability in nextcloud-app-contacts related to failure to take measures to protect web page structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
CVE-2025-66554
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked ...
CVE-2025-66554
CVE-2025-66554 affects the Nextcloud Contacts app. Multiple sources (NVD, Red Hat, CIRCL, OSV, CVE list, GHSA advisory, and more) describe a Stored XSS vulnerability in which a malicious user could modify the organisation and title fields to load additional CSS files. The issue existed in affecte...
CVE-2025-66554 Nextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked ...
EUVD-2018-15570
Malware in sbrugna...
EUVD-2020-29062
Malware in sbrugna...
EUVD-2020-29149
Malware in sbrugna...
EUVD-2020-29148
Malware in sbrugna...
EUVD-2021-25594
Malware in sbrugna...
CVE-2021-39221
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due t...
CVE-2020-8281
A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks...
CVE-2020-8280
A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks...
CVE-2020-8181
A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars...
CVE-2023-33182 Nextcloud Contacts photos only sanitized if mime type is all lower case
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is converted to a JavaScript blob in memory data that the Avatar can't render. Due to this constellation the missing sanitization does not seem to be exploitable. It i...
Nextcloud Contacts Security Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Contacts 5.0.3 and earlier or 4.2.4 and earlier. No information about this vulnerability is available at this...
PT-2023-24199 · Nextcloud · Nextcloud Contacts
Name of the Vulnerable Software and Affected Versions: Nextcloud Contacts app versions prior to 4.2.4; Nextcloud Contacts app versions prior to 5.0.3. Description: The issue concerns the handling of unsanitized SVG files in the Contacts app for Nextcloud. These files are converted into JavaScript...
Nextcloud Contacts Cross-Site Scripting Vulnerability (CNVD-2021-03032)
Nextcloud Contacts is the user interface for Nextcloud's CardDAV server. A cross-site scripting vulnerability exists in Nextcloud Contacts 3.3.0. The vulnerability stems from a missing file type check. An attacker can exploit this vulnerability by uploading a malicious SVG file to conduct a...
Nextcloud Contacts Cross-Site Scripting Vulnerability (CNVD-2021-03031)
Nextcloud Contacts is the user interface for Nextcloud's CardDAV server. A cross-site scripting vulnerability exists in Nextcloud Contacts 3.4.0. The vulnerability stems from a missing file type check. The vulnerability can be exploited to conduct cross-site scripting attacks by uploading SVG fil...