Vulnerabilities > Nextcloud > Contacts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-30 | CVE-2023-33182 | Unspecified vulnerability in Nextcloud Contacts Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. | 4.3 |
| 2021-10-25 | CVE-2021-39221 | Unrestricted Upload of File with Dangerous Type vulnerability in Nextcloud Contacts Nextcloud is an open-source, self-hosted productivity platform. | 3.5 |
| 2021-01-06 | CVE-2020-8281 | Cross-site Scripting vulnerability in Nextcloud Contacts A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks. | 3.5 |
| 2021-01-06 | CVE-2020-8280 | Cross-site Scripting vulnerability in Nextcloud Contacts A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks. | 3.5 |
| 2020-07-10 | CVE-2020-8181 | Unrestricted Upload of File with Dangerous Type vulnerability in Nextcloud Contacts A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. | 4.3 |
| 2018-07-05 | CVE-2018-3764 | Cross-site Scripting vulnerability in Nextcloud Contacts In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. | 4.8 |