Every CVE whose affected-product data names Nextcloud Contacts, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2021-39221 — CVSS 6.4 (medium): Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to…
CVE-2020-8280 — CVSS 5.4 (medium): A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site…
CVE-2020-8281 — CVSS 5.4 (medium): A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting…
CVE-2018-3764 — CVSS 4.8 (medium): In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring…
CVE-2020-8181 — CVSS 4.3 (medium): A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars.
CVE-2025-66554 — CVSS 3.5 (low): Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and…
CVE-2023-33182 — CVSS 0.0 (none): Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is…