The `specializedRendering` function in Rocket.Chat server prior to 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter.
rocket.chat rocket.chat