CVE-2020-8281

Summary

A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks.

Affected Software

VendorProductVersion RangeStatus
n/aNextcloud ContactsFixed in 3.4.0affected

Weaknesses

  • CWE-79: Cross-site Scripting (XSS) - Stored (CWE-79)

ADP Enrichment

CVE Program Container

Additional References

References