Unrated severityOSV Advisory· Published Jan 6, 2021· Updated Aug 4, 2024
CVE-2020-8281
CVE-2020-8281
Description
A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- hackerone.com/reports/894876mitrex_refsource_MISC
- nextcloud.com/security/advisory/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.