CVE-2020-8280
CVE-2020-8280 — Nextcloud Contacts 3.4.0 suffers from a missing file type check that lets an attacker upload SVG files with a PNG extension to trigger cross-site scripting (XSS) when viewing a contact image. The issue is documented across multiple feeds (NVD/NSS, CNVD, Red Hat, OSV, CNVD) and is ...