GHSA-HG3J-6PMH-MVJR Fiora chat user avatar is vulnerable to XSS via SVG files

Cross Site Scripting XSS vulnerability in Fiora chat application 1.0.0 allows arbitrary JavaScript execution when malicious SVG files are rendered by other users...

PT-2023-24199 · Nextcloud · Nextcloud Contacts

Name of the Vulnerable Software and Affected Versions: Nextcloud Contacts app versions prior to 4.2.4 Nextcloud Contacts app versions prior to 5.0.3 Description: The issue concerns the handling of unsanitized SVG files in the Contacts app for Nextcloud. These files are converted into JavaScript...