Mixmax: [app.mixmax.com] Stored XSS on Adding new enhancement.

Hi Mixmax team, Today I just found a Stored XSS on app.mixmax.com by adding a new enhancement. Just follow the steps below to reproduce this bug. Vulnerable URL APP MIXMAX - Settings - Integrations & API Payload " Steps to reproduce - Go to the Vulnerable URL. - Click Integrations & API then clic...

Nextcloud: Stored XSS on Share-popup of a directory's Gallery-view

Hi, Nice with the program launch! Congrats! I noticed that there was a Share-icon when toggling to the Gallery-view of a directory under "Nextcloud Files": F99938 If your directory has a malicious name such as a HTML-payload: , this HTML will run when clicking on the Share-icon: F99937 I see that...