Vulnerabilities > Nextcloud > Contacts > 3.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-25 | CVE-2021-39221 | Unrestricted Upload of File with Dangerous Type vulnerability in Nextcloud Contacts Nextcloud is an open-source, self-hosted productivity platform. | 3.5 |
| 2021-01-06 | CVE-2020-8281 | Cross-site Scripting vulnerability in Nextcloud Contacts A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks. | 3.5 |
| 2021-01-06 | CVE-2020-8280 | Cross-site Scripting vulnerability in Nextcloud Contacts A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks. | 3.5 |
| 2020-07-10 | CVE-2020-8181 | Unrestricted Upload of File with Dangerous Type vulnerability in Nextcloud Contacts A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. | 4.3 |