Cross-site Scripting (XSS)
otrs2:sid is vulnerable to cross-site scripting. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction...