The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability.
https://jira.atlassian.com/browse/HCPUB-3473
https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html