CVEs-PoC/2017/CVE-2017-9299.md

### [CVE-2017-9299](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9299)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected.

### POC

#### Reference
- http://code610.blogspot.com/2017/05/turnkey-feat-otrs.html

#### Github
No PoCs found on GitHub currently.