Contacts Security Vulnerabilities and Issues — Contacts CVE List

Lucene search

NextcloudContacts

2 matches found

CVE•added 2021/01/06 9:15 p.m.•182 views

CVE-2020-8280

A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks.

5.4CVSS5.2AI score0.00217EPSS

CVE•added 2021/01/06 9:15 p.m.•178 views

CVE-2020-8281

A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks.

5.4CVSS5.2AI score0.00217EPSS