1 matches found
XSS through image upload on contacts using svg file with png extension (NC-SA-2020-044)
A missing file type check in Nextcloud Contacts 3.4.0 allowed a malicious user to upload SVG files as PNG files to perform XSS attacks...