Zammad is an open source web-based help desk/customer support system. a cross-site scripting vulnerability exists in the chat feature in versions of Zammad prior to 4.1.1. The vulnerability stems from improper handling of clipboard data. An attacker could exploit the vulnerability to execute malicious code.