When a user uploads a csv file that contains an javascript payload a Cross-site Scripting (XSS) is triggered when the file is viewed. This is true for both cloud version and OSS version.