The supportflow plugin prior to 0.7 for WordPress has XSS via a ticket excerpt.
supportflow project supportflow