An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...

Mattermost Server does not neutralize HTML content in an Email template field