Mattermost Server versions prior to 3.1.0 allow cross-site scripting (XSS) via theme color-code values.