XSS in Desktop Client in call notification popup

## Summary: The `Nextcloud Desktop Client` application does not properly neutralize the name of a group conversation before using it. ## Steps To Reproduce: ### Server Machine: 1. Install the `Nextcloud Server` application 2. Create an administrator account 3. Create a user account ### Client Machine: 4. Install the `Nextcloud Desktop Client` application on a machine that is running the `Windows 10` operating system 5. Log in to the user account ### Server Machine: 6. Log in to the administrator account 7. Install the `Nextcloud Talk` application 8. Open the `Nextcloud Talk` application 9. Create a group conversation with the name `<img src="https://avatars.githubusercontent.com/u/99037623">` 10. Add the user to the group conversation 11. Start a call in the group conversation ### Client Machine: 12. Observe that the name of the group conversation is treated as `HyperText Markup Language` Please do note that group conversation messages are also treated as `HyperText Markup Language`. ## Supporting Material/References: {F1953705} {F1953706} {F1953851} ## Impact An attacker can inject arbitrary `HyperText Markup Language` in to the `Nextcloud Desktop Client` application.