An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.

An issue was discovered in Mattermost Server before 2.2.0. It allows X ...

Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution