Product
nextcloud contacts
9 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-13167
CVE-2025-66554
CVE-2023-33182
CVE-2021-25524
CVE-2021-39221
CVE-2020-8281
CVE-2020-8280
CVE-2020-8181
CVE-2018-3764
< 1.0.10-20659
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Syn
>= 5.0.0 and < 5.5.4
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.
>= 4.1.0 and < 4.2.4
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG
< 12.7.05.24
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
< 4.0.3
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vuln
< 3.4.0
A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site
< 3.4.1
A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-si
< 3.3.0
A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars.
< 2.1.2
In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS