CVE-2017-9299

NameCVE-2017-9299
DescriptionOpen Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Notes

This report for OTRS is quite vague/unclear and upstream can
not track the issue down to a specific fixed release claims though that
it should not be reproducible with versions later than 3.3.17.
Search for package or bug name: Reporting problems