Description
Nextcloud Server before 10.0.1 and ownCloud Server before 9.0.6 and 9.1.2 are affected by a stored XSS in the CardDAV image export. The CardDAV image export functionality, as implemented in Nextcloud/ownCloud, allows images stored within a vCard to be downloaded. Because the image content is not verified in any way, the export is prone to a stored Cross-Site Scripting attack.
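One way to perform the content check that the description says is missing, written in Python as an added example (it is not Nextcloud's or ownCloud's code, nor their actual fix). The function names, the allow-list of formats, the response headers and the sample vCards are assumptions constructed for illustration.

```python
import base64
import re

# Leading bytes of the only formats this endpoint will serve (assumed list).
SIGNATURES = {
    b"\xff\xd8\xff": "image/jpeg",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}

def extract_photo(vcard):
    """Return decoded PHOTO bytes from a vCard 3.0/4.0 string, else None."""
    text = re.sub(r"\r?\n[ \t]", "", vcard)  # unfold continuation lines
    for line in text.splitlines():
        name, _, value = line.partition(":")
        if name.split(";")[0].upper() != "PHOTO":
            continue
        if value.lower().startswith("data:"):  # vCard 4.0 data: URI form
            value = value.partition(",")[2]
        try:
            return base64.b64decode(value, validate=True)
        except ValueError:  # not base64 (e.g. an external URL)
            return None
    return None

def photo_response(vcard):
    """Build (status, headers, body), trusting only the decoded bytes."""
    data = extract_photo(vcard)
    if data is not None:
        for magic, mime in SIGNATURES.items():
            if data.startswith(magic):
                return 200, {
                    "Content-Type": mime,  # sniffed, never the declared TYPE=
                    # A magic-byte prefix does not rule out polyglot files,
                    # so also stop the browser from rendering the response.
                    "X-Content-Type-Options": "nosniff",
                    "Content-Disposition": "attachment",
                    "Content-Security-Policy": "default-src 'none'",
                }, data
    return 404, {"Content-Type": "text/plain"}, b""

def sample_vcard(payload, declared):
    """Constructed test card: `payload` stored under a claimed image type."""
    b64 = base64.b64encode(payload).decode()
    return ("BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Test\r\n"
            f"PHOTO;ENCODING=b;TYPE={declared}:{b64}\r\nEND:VCARD\r\n")

if __name__ == "__main__":
    print(photo_response(sample_vcard(b"<html>not an image</html>", "PNG"))[0])
    print(photo_response(sample_vcard(b"\x89PNG\r\n\x1a\n" + b"\0" * 8, "JPEG"))[1])
```

The declared `TYPE=` parameter is attacker-controlled metadata, so the response type is derived from the bytes alone and anything outside the allow-list is refused.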
Remediation
References