An issue exists in Zammad prior to 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.
zammad zammad