nextcloud-desktop is vulnerable to cross-site scripting. The vulnerability exists in ApplicationWindow
function of Window.qml
due to incorrectly neutralizes user-controllable input which allows an attacker to inject and execute malicious JavaScript.