CVE-2017-9299

{"id": "CVE-2017-9299", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-05-29T19:29:00.313", "references": [{"url": "http://code610.blogspot.com/2017/05/turnkey-feat-otrs.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected."}, {"lang": "es", "value": "Open Ticket Request System (OTRS) 3.3.9 tiene XSS en las peticiones index.pl?Action=AgentStats, tal y como demuestran los ataques OrderBy=[XSS] y Direction=[XSS]. NOTA: este CVE podr\u00eda tener una relevancia limitada, ya que representa un descubrimiento del 2017 de un problema en el software del 2014. La versi\u00f3n 3.3.20, por ejemplo, no se ha visto afectada."}], "lastModified": "2017-11-24T02:29:02.530", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:otrs:otrs:3.3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "454607A9-6CAA-49F1-81D6-A2D1CC468C4D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}