uvdesk/community-skeleton is vulnerable to Cross Site Scripting (XSS). The vulnerability exists because the library does not properly validate the messages sent by the clients in the ticket, which allows an attacker to inject and execute arbitrary JavaScript into the browser.