Vulnerabilities > Nextcloud > Contacts > Low

DATE CVE VULNERABILITY TITLE RISK
2021-10-25 CVE-2021-39221 Unrestricted Upload of File with Dangerous Type vulnerability in Nextcloud Contacts
Nextcloud is an open-source, self-hosted productivity platform.
network
nextcloud CWE-434
3.5
3.5
2021-01-06 CVE-2020-8280 Cross-site Scripting vulnerability in Nextcloud Contacts
A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks.
network
nextcloud CWE-79
3.5
3.5
2021-01-06 CVE-2020-8281 Cross-site Scripting vulnerability in Nextcloud Contacts
A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks.
network
nextcloud CWE-79
3.5
3.5