I’m quite busy with bug bounties lately, but sometimes I still discover stuff, which might also be interesting for the rest of you ;-). So here’s quick writeup about a quite interesting vulnerability in the open source Slack-alternative Mattermost, which I have found in December
RCESEC-2016-012: Mattermost <= 3.5.1 Error Page Cross-Site Scripting / Content Injection
