Mattermost: Reflected XSS in OAuth complete endpoints
Reflected XSS vulnerabilities were discovered in several OAuth complete endpoints in Mattermost. These endpoints failed to sanitize the "redirectto" field in the "state" query parameter, allowing an attacker to execute malicious JavaScript code in the context of the user's browser. This could lea...