Are there any input validations?
There are XSS vulns all over the site. At least while viewing a ticket <title>XXX</title>, and the eMail input field in UserCP are not checked at all.
I stopped testing here because of acute disbelieve. I hope I got something very wrong..