Yzy9951

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 20.0.6 **Description** The issue is related to reflected cross-site scripting (XSS) due to a lack of sanitization in the `OC.Notification.show` function. This allows for potential XSS attacks. **Recommendations** For versions prior to 20.0.6, update to version 20.0.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `OC.Notification.show` function until a patch is applied.