Vulnerabilities > Nextcloud > Contacts > 3.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-25 | CVE-2021-39221 | Unrestricted Upload of File with Dangerous Type vulnerability in Nextcloud Contacts Nextcloud is an open-source, self-hosted productivity platform. | 3.5 |
| 2021-01-06 | CVE-2020-8280 | Cross-site Scripting vulnerability in Nextcloud Contacts A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks. | 3.5 |