Medium severity5.4OSV Advisory· Published Jan 6, 2021· Updated Jun 17, 2026
CVE-2020-8280
CVE-2020-8280
Description
A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- hackerone.com/reports/998422nvdExploitThird Party Advisory
- nextcloud.com/security/advisory/nvdVendor Advisory
News mentions
0No linked articles in our index yet.