Vulnerabilities > Nextcloud > Contacts > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-30 CVE-2023-33182 Unspecified vulnerability in Nextcloud Contacts
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing.
network
low complexity
nextcloud
4.3
2021-10-25 CVE-2021-39221 Unspecified vulnerability in Nextcloud Contacts
Nextcloud is an open-source, self-hosted productivity platform.
network
low complexity
nextcloud
5.4
2021-01-06 CVE-2020-8281 Cross-site Scripting vulnerability in Nextcloud Contacts
A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks.
network
low complexity
nextcloud CWE-79
5.4
2021-01-06 CVE-2020-8280 Cross-site Scripting vulnerability in Nextcloud Contacts
A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks.
network
low complexity
nextcloud CWE-79
5.4
2020-07-10 CVE-2020-8181 Unrestricted Upload of File with Dangerous Type vulnerability in Nextcloud Contacts
A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars.
network
low complexity
nextcloud CWE-434
4.3
2018-07-05 CVE-2018-3764 Cross-site Scripting vulnerability in Nextcloud Contacts
In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction.
network
low complexity
nextcloud CWE-79
4.8