CVE-2017-18881
Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 is affected by CVE-2017-18881, which allows cross-site scripting via a goto_location response to a slash command. The issue arises from how the web application handles the goto_location response and could permit injection of script in affected web ...