This allows a cross site scripting attack while reading the replies as authenticated agent. An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers.