Reflected Self-XSS Vulnerability in the Comment section of Files Information
Unknown
Vulnerability Details
Vulnerability found in the test domain: demo.nextcloud.com
Vulnerability Type: Reflected XSS
STEPS TO REPRODUCE:
STEP 1:
Log in to the demo Nextcloud server site using test credentials (demo.nextcloud.com).
STEP 2:
On the All Files tab, select any file.
STEP 3:
A tab opens on the right-hand side of the screen which holds the information about the selected file. Choose the "Comments" section next to Activities.
STEP 4:
In the Comments box, the payload to execute XSS is passed.
------------------
Test Payloads:
------------------
</textarea><img src="s" onmouseover=alert(1)>
</textarea><script>alert(1)</script>
STEP 5:
Click on the Post button.
STEP 6:
After the comment is posted, click the Edit Comments button that appears near the posted comment when the cursor hovers over the comment.
"THE APPLIED XSS PAYLOAD GETS EXECUTED WHILE CLICKING THE EDIT BUTTON THAT APPEARS"
Report Stats
- Report ID: 164027
- State: Closed
- Substate: resolved
- Upvotes: 3
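
Both test payloads begin with </textarea>, which only has an effect if the stored comment is written as raw markup into the edit box. The added example below is not Nextcloud's code and not part of the original report; it assumes the edit form is built by string concatenation (function names and form markup are hypothetical), contrasts that with output encoding, and checks whether each sample comment stays inside the textarea.

```javascript
// Added example, not Nextcloud's code: names and markup are hypothetical.
// Constructed samples: one benign comment plus the report's two test payloads.
const SAMPLES = [
  'Looks good to me',
  '</textarea><img src="s" onmouseover=alert(1)>',
  '</textarea><script>alert(1)</script>',
];

const OPEN = '<textarea name="message">';
const CLOSE = '</textarea><button type="submit">Save</button>';

// Vulnerable pattern (assumed): stored comment concatenated into the edit form.
function renderEditFormUnsafe(message) {
  return OPEN + message + CLOSE;
}

// Encode the characters that are significant in HTML text and attribute values.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: identical markup, comment encoded before insertion.
function renderEditFormSafe(message) {
  return OPEN + escapeHtml(message) + CLOSE;
}

// What a browser would treat as the textarea's value: everything up to the
// first "</textarea", with character references decoded in a single pass.
function textareaValue(html) {
  const start = html.indexOf(OPEN) + OPEN.length;
  const end = html.toLowerCase().indexOf('</textarea', start);
  const names = { lt: '<', gt: '>', quot: '"', '#39': "'", amp: '&' };
  return html.slice(start, end).replace(/&(lt|gt|quot|#39|amp);/g, (m, n) => names[n]);
}

// True when the whole comment is still text inside the textarea; false means
// part of it ended up after the closing tag, where it is parsed as markup.
function staysInsideTextarea(render, message) {
  return textareaValue(render(message)) === message;
}

// Regression check over all samples for a given renderer.
function audit(render) {
  return SAMPLES.map((message) => staysInsideTextarea(render, message));
}

console.log('unsafe:', audit(renderEditFormUnsafe));
console.log('safe:  ', audit(renderEditFormSafe));
```

When the edit box is built through DOM APIs instead of strings, assigning the comment to the textarea's value property gives the same result without manual encoding.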