Nextcloud: Stored XSS on scan.nextcloud.com

The scan.nextcloud.com engine fetches a 'status.php' content in order to extract some version number as well as installed flavors. While scanning a website, the following API-wise cinematic happens : POST https://scan.nextcloud.com/api/queue twice, gives the UUID GET...