Stored XSS in collabora via user name

Affected: collabora and nextcloud Ubuntu 18.04.5 LTS Nextcloud 19.0.1 snap version collabora (CODE) The name of the user is displayed when him joins to edit the document allowing the attacker trigger xss. ## Impact * Set the name of the attacker account to <img src=a onerror=alert(window.parent.location)> * Create a new document → share the document with admin or another victim → the document will appear automatically in the files of the victim as shared * The attacker opens the document and waits until the victim also opens the document when opening it the payload is executed {F965228}