Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.