An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data.
mattermost mattermost server
mattermost mattermost server 4.3.0