Reflected XSS vulnerability with full CSP bypass in Nextcloud installations using recommended bundle