Mattermost Server is an open source messaging platform from Mattermost, Inc. A cross-site scripting vulnerability exists in Mattermost Server because OAuth-enabled Mattermost instances do not properly verify client-side data. It could be exploited by luring users into clicking on a link containing a malicious request.