CVE-2019-16375: 
Linux Debian vulnerability analysis and mitigation

A stored XSS vulnerability (CVE-2019-16375) was discovered in Open Ticket Request System (OTRS) versions 7.0.x through 7.0.11, Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. The vulnerability was disclosed on September 3, 2019, and was assigned a CVSS v3.0 base score of 5.4 (Medium) (NVD, OTRS Advisory).

The vulnerability allows an authenticated attacker with appropriate permissions to create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent composes an answer to the original article. The vulnerability has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, and required user interaction (NVD).

The vulnerability could lead to the execution of arbitrary JavaScript code in the context of OTRS when an agent responds to a maliciously crafted article. This could potentially result in information disclosure and integrity compromise within the affected OTRS system (OTRS Advisory).

The vulnerability has been fixed in OTRS versions 7.0.12, 6.0.23, and 5.0.38. Users are recommended to upgrade to these or later versions. The fixes can be found in the GitHub commits for OTRS 6.0 and 5.0 versions. OTRS On-Premise customers can obtain the new product version from the exclusive download area at portal.otrs.com (OTRS Advisory).