CVE-2019-16375 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-16375 Interim 1 15 2025-02-17T01:55:30Z current 2021-05-30T14:31:49Z 2025-02-17T01:55:30Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-16375 An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent composes an answer to the original article. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HV3MGQ2UEPGYIRJRUZLM3IXFHMD2WSCZ/ E-Mail link for openSUSE-SU-2020:0551-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3LYOX4CJJPHH5WJGU4WJCXSIRJ5YPPB7/ E-Mail link for openSUSE-SU-2020:1475-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S5NKKTAPXGTZI4XHFQ7KLWHRJLJIOZSW/ E-Mail link for openSUSE-SU-2020:1509-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SUSE Package Hub 15 SP1 SUSE Package Hub 15 SP2 openSUSE Leap 15.1 openSUSE Leap 15.2 otrs-5.0.42-bp150.2.10.1 otrs-6.0.29-bp151.3.6.2 otrs-6.0.29-bp152.2.8.1 otrs-6.0.29-lp151.2.6.2 otrs-6.0.29-lp152.2.3.4 otrs-doc-5.0.42-bp150.2.10.1 otrs-doc-6.0.29-bp151.3.6.2 otrs-doc-6.0.29-bp152.2.8.1 otrs-doc-6.0.29-lp151.2.6.2 otrs-doc-6.0.29-lp152.2.3.4 otrs-itsm-5.0.42-bp150.2.10.1 otrs-itsm-6.0.29-bp151.3.6.2 otrs-itsm-6.0.29-bp152.2.8.1 otrs-itsm-6.0.29-lp151.2.6.2 otrs-itsm-6.0.29-lp152.2.3.4 otrs-5.0.42-bp150.2.10.1 as a component of SUSE Package Hub 15 otrs-doc-5.0.42-bp150.2.10.1 as a component of SUSE Package Hub 15 otrs-itsm-5.0.42-bp150.2.10.1 as a component of SUSE Package Hub 15 otrs-6.0.29-bp151.3.6.2 as a component of SUSE Package Hub 15 SP1 otrs-doc-6.0.29-bp151.3.6.2 as a component of SUSE Package Hub 15 SP1 otrs-itsm-6.0.29-bp151.3.6.2 as a component of SUSE Package Hub 15 SP1 otrs-6.0.29-bp152.2.8.1 as a component of SUSE Package Hub 15 SP2 otrs-doc-6.0.29-bp152.2.8.1 as a component of SUSE Package Hub 15 SP2 otrs-itsm-6.0.29-bp152.2.8.1 as a component of SUSE Package Hub 15 SP2 otrs-6.0.29-lp151.2.6.2 as a component of openSUSE Leap 15.1 otrs-doc-6.0.29-lp151.2.6.2 as a component of openSUSE Leap 15.1 otrs-itsm-6.0.29-lp151.2.6.2 as a component of openSUSE Leap 15.1 otrs-6.0.29-lp152.2.3.4 as a component of openSUSE Leap 15.2 otrs-doc-6.0.29-lp152.2.3.4 as a component of openSUSE Leap 15.2 otrs-itsm-6.0.29-lp152.2.3.4 as a component of openSUSE Leap 15.2 An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent composes an answer to the original article. CVE-2019-16375 SUSE Package Hub 15:otrs-5.0.42-bp150.2.10.1 SUSE Package Hub 15:otrs-doc-5.0.42-bp150.2.10.1 SUSE Package Hub 15:otrs-itsm-5.0.42-bp150.2.10.1 SUSE Package Hub 15 SP1:otrs-6.0.29-bp151.3.6.2 SUSE Package Hub 15 SP1:otrs-doc-6.0.29-bp151.3.6.2 SUSE Package Hub 15 SP1:otrs-itsm-6.0.29-bp151.3.6.2 SUSE Package Hub 15 SP2:otrs-6.0.29-bp152.2.8.1 SUSE Package Hub 15 SP2:otrs-doc-6.0.29-bp152.2.8.1 SUSE Package Hub 15 SP2:otrs-itsm-6.0.29-bp152.2.8.1 openSUSE Leap 15.1:otrs-6.0.29-lp151.2.6.2 openSUSE Leap 15.1:otrs-doc-6.0.29-lp151.2.6.2 openSUSE Leap 15.1:otrs-itsm-6.0.29-lp151.2.6.2 openSUSE Leap 15.2:otrs-6.0.29-lp152.2.3.4 openSUSE Leap 15.2:otrs-doc-6.0.29-lp152.2.3.4 openSUSE Leap 15.2:otrs-itsm-6.0.29-lp152.2.3.4 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N