[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-16375":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":46,"downstream":47,"duplicates":60,"related":61,"reserved_at":9,"published_at":65,"modified_at":66,"state":67,"summary":68,"references_raw":77,"kevs":107,"epss":108,"epss_history":111,"metrics":375,"affected":386},"CVE-2019-16375","An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent composes an answer to the original article.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[],[],[48,50,52,54,56,58],{"_key":49},"UBUNTU-CVE-2019-16375",{"_key":51},"OPENSUSE-SU-2020:1509-1",{"_key":53},"OPENSUSE-SU-2020:0551-1",{"_key":55},"OPENSUSE-SU-2020:1475-1",{"_key":57},"DLA-3551-1",{"_key":59},"DEBIAN-CVE-2019-16375",[],[62,63,64],{"_key":51},{"_key":53},{"_key":55},"2020-03-19T00:00:00.000Z","2024-08-05T01:17:39.431Z","Modified",{"cisa_kev":69,"cisa_ransomware":69,"cisa_vendor":9,"epss_severity":70,"epss_score":71,"severity":72,"severity_score":73,"severity_version":74,"severity_source":75,"severity_vector":76,"severity_status":67},false,"low",0.00647,"medium",5.4,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",[78,84,89,94,98,102],{"url":79,"sources":80,"tags":82},"https://community.otrs.com/category/security-advisories-en/",[81,75],"cve.org",[83],"Vendor Advisory",{"url":85,"sources":86,"tags":87},"https://otrs.com/release-notes/otrs-security-advisory-2019-13/",[81,75],[88,83],"Release Notes",{"url":90,"sources":91,"tags":92},"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html",[81,75],[83,93],"Broken Link",{"url":95,"sources":96,"tags":97},"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html",[81,75],[83,93],{"url":99,"sources":100,"tags":101},"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html",[81,75],[83,93],{"url":103,"sources":104,"tags":105},"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html",[81,75],[106],"Mailing List",[],{"date":109,"score":71,"percentile":110},"2026-06-04",0.71163,[112,115,118,121,124,127,130,133,136,139,142,145,148,151,154,158,161,164,167,170,173,176,179,182,184,187,190,193,196,199,202,205,207,210,213,216,219,222,225,228,231,234,236,238,241,244,247,250,253,256,258,261,264,267,271,274,276,278,281,284,287,290,293,296,298,301,304,307,310,313,316,319,322,325,328,331,334,337,339,342,345,348,351,354,357,360,363,366,369,372],{"date":113,"score":71,"percentile":114},"2025-11-04",0.69963,{"date":116,"score":71,"percentile":117},"2025-11-05",0.69948,{"date":119,"score":71,"percentile":120},"2025-11-06",0.69946,{"date":122,"score":71,"percentile":123},"2025-11-07",0.69959,{"date":125,"score":71,"percentile":126},"2025-11-08",0.69961,{"date":128,"score":71,"percentile":129},"2025-11-09",0.69953,{"date":131,"score":71,"percentile":132},"2025-11-10",0.69942,{"date":134,"score":71,"percentile":135},"2025-11-11",0.69951,{"date":137,"score":71,"percentile":138},"2025-11-12",0.69975,{"date":140,"score":71,"percentile":141},"2025-11-13",0.69981,{"date":143,"score":71,"percentile":144},"2025-11-14",0.69989,{"date":146,"score":71,"percentile":147},"2025-11-15",0.69988,{"date":149,"score":71,"percentile":150},"2025-11-16",0.69985,{"date":152,"score":71,"percentile":153},"2025-11-17",0.69983,{"date":155,"score":156,"percentile":157},"2025-11-18",0.00532,0.64727,{"date":159,"score":156,"percentile":160},"2025-11-19",0.64736,{"date":162,"score":156,"percentile":163},"2025-11-20",0.64734,{"date":165,"score":71,"percentile":166},"2025-11-21",0.70001,{"date":168,"score":71,"percentile":169},"2025-11-22",0.69993,{"date":171,"score":71,"percentile":172},"2025-11-23",0.69978,{"date":174,"score":71,"percentile":175},"2025-11-24",0.6997,{"date":177,"score":71,"percentile":178},"2025-11-25",0.69971,{"date":180,"score":71,"percentile":181},"2025-11-26",0.69977,{"date":183,"score":71,"percentile":172},"2025-11-27",{"date":185,"score":71,"percentile":186},"2025-11-28",0.69968,{"date":188,"score":71,"percentile":189},"2025-11-29",0.69956,{"date":191,"score":71,"percentile":192},"2025-11-30",0.69949,{"date":194,"score":71,"percentile":195},"2025-12-01",0.70092,{"date":197,"score":71,"percentile":198},"2025-12-02",0.701,{"date":200,"score":71,"percentile":201},"2025-12-03",0.70097,{"date":203,"score":71,"percentile":204},"2025-12-04",0.69944,{"date":206,"score":71,"percentile":123},"2025-12-05",{"date":208,"score":71,"percentile":209},"2025-12-06",0.69964,{"date":211,"score":71,"percentile":212},"2025-12-07",0.69962,{"date":214,"score":71,"percentile":215},"2025-12-08",0.69966,{"date":217,"score":71,"percentile":218},"2025-12-09",0.69997,{"date":220,"score":71,"percentile":221},"2025-12-10",0.7004,{"date":223,"score":71,"percentile":224},"2025-12-11",0.70062,{"date":226,"score":71,"percentile":227},"2025-12-12",0.70088,{"date":229,"score":71,"percentile":230},"2025-12-13",0.70091,{"date":232,"score":71,"percentile":233},"2025-12-14",0.70094,{"date":235,"score":71,"percentile":230},"2025-12-15",{"date":237,"score":71,"percentile":201},"2025-12-16",{"date":239,"score":71,"percentile":240},"2025-12-17",0.70113,{"date":242,"score":71,"percentile":243},"2025-12-18",0.70141,{"date":245,"score":71,"percentile":246},"2025-12-19",0.70158,{"date":248,"score":71,"percentile":249},"2025-12-20",0.70156,{"date":251,"score":71,"percentile":252},"2025-12-21",0.70147,{"date":254,"score":71,"percentile":255},"2025-12-22",0.70143,{"date":257,"score":71,"percentile":255},"2025-12-23",{"date":259,"score":71,"percentile":260},"2025-12-24",0.70152,{"date":262,"score":71,"percentile":263},"2025-12-25",0.70177,{"date":265,"score":71,"percentile":266},"2025-12-26",0.70175,{"date":268,"score":269,"percentile":270},"2025-12-27",0.00545,0.67176,{"date":272,"score":71,"percentile":273},"2025-12-28",0.70148,{"date":275,"score":71,"percentile":255},"2025-12-29",{"date":277,"score":71,"percentile":249},"2025-12-30",{"date":279,"score":71,"percentile":280},"2025-12-31",0.70176,{"date":282,"score":71,"percentile":283},"2026-01-01",0.70331,{"date":285,"score":71,"percentile":286},"2026-01-02",0.70326,{"date":288,"score":71,"percentile":289},"2026-01-03",0.70327,{"date":291,"score":71,"percentile":292},"2026-01-04",0.70178,{"date":294,"score":71,"percentile":295},"2026-01-05",0.7017,{"date":297,"score":71,"percentile":266},"2026-01-06",{"date":299,"score":71,"percentile":300},"2026-01-07",0.7019,{"date":302,"score":71,"percentile":303},"2026-01-08",0.70206,{"date":305,"score":71,"percentile":306},"2026-01-09",0.70211,{"date":308,"score":71,"percentile":309},"2026-01-10",0.70212,{"date":311,"score":71,"percentile":312},"2026-01-11",0.70205,{"date":314,"score":71,"percentile":315},"2026-01-12",0.70199,{"date":317,"score":71,"percentile":318},"2026-01-13",0.70196,{"date":320,"score":71,"percentile":321},"2026-01-14",0.70224,{"date":323,"score":71,"percentile":324},"2026-01-15",0.7023,{"date":326,"score":71,"percentile":327},"2026-01-16",0.70249,{"date":329,"score":71,"percentile":330},"2026-01-17",0.70242,{"date":332,"score":71,"percentile":333},"2026-01-18",0.70221,{"date":335,"score":71,"percentile":336},"2026-01-19",0.70213,{"date":338,"score":71,"percentile":333},"2026-01-20",{"date":340,"score":71,"percentile":341},"2026-01-21",0.70225,{"date":343,"score":71,"percentile":344},"2026-01-22",0.70237,{"date":346,"score":71,"percentile":347},"2026-01-23",0.70269,{"date":349,"score":71,"percentile":350},"2026-01-24",0.70274,{"date":352,"score":71,"percentile":353},"2026-01-25",0.70245,{"date":355,"score":71,"percentile":356},"2026-01-26",0.70241,{"date":358,"score":71,"percentile":359},"2026-01-27",0.70243,{"date":361,"score":71,"percentile":362},"2026-01-28",0.70258,{"date":364,"score":71,"percentile":365},"2026-01-29",0.70257,{"date":367,"score":71,"percentile":368},"2026-01-30",0.70267,{"date":370,"score":71,"percentile":371},"2026-01-31",0.70273,{"date":373,"score":71,"percentile":374},"2026-02-01",0.70403,[376],{"source":75,"cvss_v2_0":377,"cvss_v3_0":9,"cvss_v3_1":382,"cvss_v4_0":9},{"baseScore":378,"baseSeverity":9,"vectorString":379,"impactScore":380,"exploitabilityScore":381},3.5,"AV:N/AC:M/Au:S/C:N/I:P/A:N",2.9,6.8,{"baseScore":73,"baseSeverity":383,"vectorString":76,"impactScore":384,"exploitabilityScore":385},"MEDIUM",4.5,5.9,[387],{"ecosystem":9,"name":388,"vendor":388,"product":388,"cpe_part":389,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":390},"otrs","a",[391,398,402],{"version":392,"is_range":393,"range_type":394,"version_start":395,"version_start_type":396,"version_end":397,"version_end_type":396,"fixed_in":9},"gte5.0.0_lte5.0.37",true,"cpe","5.0.0","including","5.0.37",{"version":399,"is_range":393,"range_type":394,"version_start":400,"version_start_type":396,"version_end":401,"version_end_type":396,"fixed_in":9},"gte6.0.0_lte6.0.22","6.0.0","6.0.22",{"version":403,"is_range":393,"range_type":394,"version_start":404,"version_start_type":396,"version_end":405,"version_end_type":396,"fixed_in":9},"gte7.0.0_lte7.0.11","7.0.0","7.0.11"]