CVE-2025-66554 | Nextcloud Contacts App up to 5.5.3/6.0.5/7.2.4 CSS File Parser organisation/title cross site scripting (GHSA-9v78-cpfc-v6h2)

A vulnerability classified as problematic has been found in Nextcloud Contacts App up to 5.5.3/6.0.5/7.2.4. This vulnerability affects unknown code of the component CSS File Parser. Performing manipulation of the argument organisation/title results in cross site scripting.

This vulnerability is reported as CVE-2025-66554. The attack is possible to be carried out remotely. No exploit exists.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More