Home > Vulnerability Database > CVE-2023-33182

Mend.io Vulnerability Database

CVE-2023-33182

Good to know:

Date: May 30, 2023

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is converted to a JavaScript blob (in memory data) that the Avatar can't render. Due to this constellation the missing sanitization does not seem to be exploitable. It is recommended that the Contacts app is upgraded to 5.0.3 or 4.2.4

Language: PHP

Severity Score

4.3

Related Resources (5)

Url: https://github.com/nextcloud/contacts/pull/3199

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hxr6-cx85-gcjx

Url: https://hackerone.com/reports/1789602

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-33182

Url: https://www.mend.io/vulnerability-database/CVE-2023-33182

Severity Score

4.3

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version v4.2.4,v5.0.3

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-33182

Good to know:

Date: May 30, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?