An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.Referenceshttps://mattermost.com/security-updates/
