Nextcloud Talk, a self-hosted local audio/video and chat communication service from Germany-based Nextcloud, is vulnerable to a cross-site scripting vulnerability that could be exploited by remote attackers to inject and execute arbitrary HTML and script code in the user’s browser within the context of the website.