Mandriva Linux Security Advisory 2014-111 - A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in OTRS.
25a9b8566656ec84dcef7b521af403abd6e8c20af97b14b958771c7694673d6e