Contacts Security Vulnerabilities and Issues — Contacts CVE List

Lucene search

NextcloudContacts

3 matches found

CVE•added 2023/05/30 5:15 a.m.•69 views

CVE-2023-33182

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is converted to a JavaScript blob (in memory data) that the Avatar can't render. Due to this constellation the missing sanitization does not seem to be exploitable. It i...

4.3CVSS4.3AI score0.00154EPSS

CVE•added 2018/07/05 4:29 p.m.•46 views

CVE-2018-3764

In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or g...

4.8CVSS4.7AI score0.00348EPSS

CVE•added 2020/07/10 4:15 p.m.•41 views

CVE-2020-8181

A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars.

4.3CVSS4.4AI score0.00219EPSS