I am going to share information about content spoofing vulnerability present in 404 page. This vulnerability may not consider as in-scope but you can put it as informative.
"Content spoofing, also referred to as content injection or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application. When an application does not properly handle user supplied data, an attacker can supply content to a web application, typically via a parameter value, that is reflected back to the user. "
Attacker can modify page content in a way that "The requested URL /https://eng.uber.com has been changed to https://www.fakewebsite.com. so please visit https://www.fakewebsite.com as your requested link was not found on this server."
Affected URL: https://eng.uber.com
POC : https://eng.uber.com/has%20been%20changed%20to%20https%3A%2F%2Fwww.fakewebsite.com.%20so%20please%20visit%20https%3A%2F%2Fwww.fakewebsite.com%20as%20your%20requested%20link
Vulnerability reference: https://www.owasp.org/index.php/Content_Spoofing
Please find attachment for POC.