exploitDog

GHSA-v342-j8qr-3849

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks.

A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks.

Ссылки

EPSS

Процентиль: 44%

0.00217

Низкий

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-8280

CVSS3: 5.4

nvd

около 5 лет назад

A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks.

EPSS

Процентиль: 44%

0.00217

Низкий

CVE ID

Дефекты

CWE-79