2 matches found
CVE-2020-8281
A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting XSS attacks...
CVE-2020-8281
Nextcloud Contacts 3.3.0 is affected by a missing file type check that allows uploading SVG files, enabling cross-site scripting (XSS). The issue is documented in the Nextcloud advisory NC-SA-2020-045 and corroborated by CNVD/NVD entries and a related HackerOne report, indicating practical XSS vi...