An issue exists in Mattermost Server prior to 3.6.0 and 3.5.2. XSS can occur via a link on an error page.
mattermost mattermost server