Contacts
Monthly
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Nextcloud is an open-source, self-hosted productivity platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Nextcloud is an open-source, self-hosted productivity platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.