Skip to main content

Contacts

5 CVEs product

Monthly

CVE-2023-33182 MEDIUM PATCH This Month

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Contacts
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-25524 LOW Monitor

Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Contacts
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-39221 MEDIUM This Month

Nextcloud is an open-source, self-hosted productivity platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud XSS Contacts
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-8181 MEDIUM This Month

A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Information Disclosure Contacts
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2018-3764 MEDIUM This Month

In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud XSS Contacts
NVD
CVSS 3.1
4.8
EPSS
0.6%
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Contacts
NVD GitHub
EPSS 0% CVSS 3.3
LOW Monitor

Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Contacts
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Nextcloud is an open-source, self-hosted productivity platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud XSS Contacts
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Information Disclosure Contacts
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud XSS Contacts
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy