Content spoofing on https://surveyserver.nextcloud.com
Low
Vulnerability Details
Hi NextCloud team,
The `https://surveyserver.nextcloud.com` domain is vulnerable to `content spoofing` in the `forbidden page` due to the fact that the `request URI` is reflected without validation inside the aforementioned page.
1. Go to https://surveyserver.nextcloud.com/.htaccess%20because%20the%20webserver%20has%20been%20moved%20on%20http://evil.com%20and%20only%20an%20old%20version%20is%20present
2. Text injected successfully {F398692}
## Impact
Insert arbitrary text inside the `forbidden page` via `request URI`
Report Stats
- Report ID: 473144
- State: Closed
- Substate: resolved
- Upvotes: 2
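A regression check for the behaviour reported above, as an added example that is not part of the original report or of Nextcloud's code: it renders a 403 body for a request URI carrying a random marker and reports whether the marker comes back in the page. The two renderers, their error-page wording and all function names are assumptions made for illustration; only `REPORT_URI` is taken from the report.

```python
import html
import secrets
from urllib.parse import quote, unquote

# Path portion of the URL given in the report's reproduction step.
REPORT_URI = ("/.htaccess%20because%20the%20webserver%20has%20been%20moved"
              "%20on%20http://evil.com%20and%20only%20an%20old%20version%20is%20present")


def forbidden_reflecting(raw_uri: str) -> str:
    """Constructed 403 body that echoes the decoded request URI.

    HTML-escaping the path blocks markup injection, but the visitor still
    reads attacker-chosen text presented as a message from the server.
    """
    path = html.escape(unquote(raw_uri))
    return ("<h1>Forbidden</h1>"
            f"<p>You don't have permission to access {path} on this server.</p>")


def forbidden_static(raw_uri: str) -> str:
    """Constructed 403 body that never includes request-derived text."""
    return ("<h1>Forbidden</h1>"
            "<p>You don't have permission to access this resource.</p>")


def reflects_request_uri(render) -> bool:
    """Return True if a marker placed in the request URI shows up in the body."""
    marker = f"probe {secrets.token_hex(8)} text"
    raw_uri = "/.htaccess" + quote(" " + marker)
    body = render(raw_uri)
    # Compare against the unescaped body so entity encoding cannot hide a reflection.
    return marker in html.unescape(body)


if __name__ == "__main__":
    for render in (forbidden_reflecting, forbidden_static):
        print(render.__name__, "reflects request URI:", reflects_request_uri(render))
```

The same check can be pointed at a real error handler by passing a function that issues the request and returns the response body.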