CVE-2020-8280

EPSS 0.6%CWE-79

A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks.

Productos afectados

n/a · Nextcloud Contacts

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://hackerone.com/reports/998422 https://nextcloud.com/security/advisory/?id=NC-SA-2020-044