CVE-2018-17883 on Ubuntu 16.04 LTS (xenial) - medium.
Description:
An attacker could send an email with a malicious link to an OTRS system or an agent. If a logged in agent opens this link, it could cause the execution of JavaScript in the context of OTRS.