Are there any input validations?
There are XSS vulns all over the site. At least while viewing a ticket <title>XXX</title>, <input type="text" name="summary" value="XXX" /> and the eMail input field in UserCP are not checked at all.
I stopped testing here because of acute disbelief. I hope I got something very wrong..
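
As an added example (not code from the site discussed or from the original post), this Python sketch renders the two output contexts named above, the `<title>` element and the `value` attribute, without and with HTML encoding, and uses a parser to check whether the ticket summary stays data. The function names and the probe string are assumptions constructed for illustration; the site's actual language and templates are not known from the post.

```python
import html
from html.parser import HTMLParser

# Constructed probe: harmless markup characters that only stay inert if the
# output is encoded for the HTML context it lands in.
PROBE = 'probe"></title><b id="x">'


def render_unescaped(summary):
    """Behaviour described in the post: the value is written out as-is."""
    return (f"<title>{summary}</title>\n"
            f'<input type="text" name="summary" value="{summary}" />')


def render_escaped(summary):
    """Same template, with the value HTML-encoded (quotes included)."""
    safe = html.escape(summary, quote=True)
    return (f"<title>{safe}</title>\n"
            f'<input type="text" name="summary" value="{safe}" />')


class _Collector(HTMLParser):
    """Records every start tag and the value of the 'summary' input."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.summary_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == "summary":
            self.summary_value = attrs.get("value")


def audit(markup):
    """Return (start tags seen, value the summary field round-trips to)."""
    collector = _Collector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.summary_value


if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        print(render.__name__, audit(render(PROBE)))
```

A check like `audit` can run as a regression test against each template that echoes user input: the only tags present should be the template's own, and the field value should round-trip unchanged.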