XSS in Desktop Client in the notifications

Disclosed: 2022-11-25 11:29:58 By mikeisastar To nextcloud
Severity: Low
Vulnerability Details
## Summary:

The `Nextcloud Desktop Client` application does not properly neutralize the names of files before using them.

## Steps To Reproduce:

### Server Machine

1. Install the `Nextcloud Server` application
2. Log into your account

### Client Machine

3. Install the `Nextcloud Desktop Client` application onto a machine that is running the `Windows 10` operating system
4. Log into your account

### Server Machine

5. Upload any file to your `Nextcloud Server` instance
6. Rename the file that you uploaded to `<h1><b><i><u>MikeIsAStar`

### Client Machine

7. Wait until a notification appears exclaiming that some files could not be synchronized
8. Open the main dialog window of the `Nextcloud Desktop Client` application
9. Observe that the name of the file that you uploaded is treated as `HyperText Markup Language`

## Supporting Material/References:

{F1864812}

## Impact

An attacker can inject arbitrary `HyperText Markup Language` into the `Nextcloud Desktop Client` application.
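The root cause the report describes is a file name reaching a rich-text-capable widget without being escaped, so the `<h1><b><i><u>` prefix becomes markup instead of text. The following is an added example, not Nextcloud's code and not the fix the project shipped: it puts an unescaped message template beside an escaped one, applies the same four replacements that Qt's `QString::toHtmlEscaped()` performs (`&`, `<`, `>`, `"`), and runs both through a deliberately simplified model of what a rich-text renderer displays, so the difference is visible without a GUI. The `"Could not sync <b>...</b>"` template and the constructed file name are assumptions for illustration.

```cpp
// Added example (not Nextcloud's code): escaping a file name before it is
// placed in a rich-text message, with a toy renderer to show the effect.
#include <iostream>
#include <string>

// Same replacements as Qt's QString::toHtmlEscaped(): & < > " -> entities.
std::string htmlEscape(const std::string& in) {
    std::string out;
    out.reserve(in.size());
    for (char c : in) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            default:   out += c;        break;
        }
    }
    return out;
}

// Vulnerable pattern: the file name is concatenated into rich text as-is.
// (The "Could not sync <b>...</b>" template is an assumption, not the real UI string.)
std::string notificationTextUnsafe(const std::string& fileName) {
    return "Could not sync <b>" + fileName + "</b>";
}

// Hardened pattern: the file name is escaped, the template keeps its own markup.
std::string notificationTextSafe(const std::string& fileName) {
    return "Could not sync <b>" + htmlEscape(fileName) + "</b>";
}

// Simplified model of a rich-text renderer: drops <...> tags and decodes the
// four entities above. It ignores whitespace collapsing and other rules a real
// renderer applies; it is only here to show which characters survive as text.
std::string renderPlainText(const std::string& html) {
    std::string out;
    bool inTag = false;
    for (size_t i = 0; i < html.size(); ++i) {
        char c = html[i];
        if (inTag) { if (c == '>') inTag = false; continue; }
        if (c == '<') { inTag = true; continue; }
        if (c == '&') {
            if (html.compare(i, 4, "&lt;") == 0)   { out += '<'; i += 3; continue; }
            if (html.compare(i, 4, "&gt;") == 0)   { out += '>'; i += 3; continue; }
            if (html.compare(i, 5, "&amp;") == 0)  { out += '&'; i += 4; continue; }
            if (html.compare(i, 6, "&quot;") == 0) { out += '"'; i += 5; continue; }
        }
        out += c;
    }
    return out;
}

int main() {
    // Constructed input: the file name used in the report.
    const std::string fileName = "<h1><b><i><u>MikeIsAStar";
    std::cout << "unsafe markup : " << notificationTextUnsafe(fileName) << '\n';
    std::cout << "unsafe shows  : " << renderPlainText(notificationTextUnsafe(fileName)) << '\n';
    std::cout << "safe markup   : " << notificationTextSafe(fileName) << '\n';
    std::cout << "safe shows    : " << renderPlainText(notificationTextSafe(fileName)) << '\n';
    return 0;
}
```

With the unsafe template the user's tags are consumed by the renderer and only `MikeIsAStar` is displayed, which is exactly the symptom in step 9; with escaping, the file name is displayed literally. In Qt the equivalent defenses are `QString::toHtmlEscaped()` on any untrusted fragment placed into rich text, or forcing the widget to plain text (for example `QLabel::setTextFormat(Qt::PlainText)`, since `QLabel`'s default `Qt::AutoText` auto-detects markup).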
Report Stats
  • Report ID: 1668028
  • State: Closed
  • Substate: resolved
  • Upvotes: 49