http://www.otrs.com/security-advisory-2014-03-xss-issue/
"An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed."
Version: wmf-deployment
Severity: normal