# Title: Office Tracker 11.2.5 - XSS
# Author: Nassim Asrir
# Contact: wassline@gmail.com
# Vendor: https://www.officetracker.com/
# CVE: CVE-2017-18023

# Description

Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI.

------------------------------------------

# Details

The value of the logincount request parameter is copied into the HTML document as plain text between tags. The payload chfkh
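Added example, not code from the advisory or from the vendor: a regression check for the reflection described under Details, with the vulnerable rendering beside an encoded and a validated one. The `<td>` wrapper, the function names, the treatment of logincount as a small counter, and the benign probe value are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed, harmless probe: one inert element that should never reach the DOM.
PROBE = "7<em>ot-probe</em>"

def render_vulnerable(logincount: str) -> str:
    # The flaw as described: the request value is copied verbatim between tags.
    return f"<td>{logincount}</td>"

def render_encoded(logincount: str) -> str:
    # Encode for the HTML text context so markup characters become entities.
    return f"<td>{html.escape(logincount)}</td>"

def render_hardened(logincount: str) -> str:
    # Assumption: logincount is a short non-negative counter, so allow-list
    # ASCII digits first and fall back to "0" for anything else.
    ok = logincount.isascii() and logincount.isdigit() and len(logincount) <= 4
    # Still encode afterwards, so a later change to the validation fails safe.
    return render_encoded(logincount if ok else "0")

class _TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in a page."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(page: str) -> list:
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags

def reflection_adds_markup(render, probe: str = PROBE) -> bool:
    """True if the probe creates elements that a benign value ("1") does not."""
    return tags_in(render(probe)) != tags_in(render("1"))

if __name__ == "__main__":
    for fn in (render_vulnerable, render_encoded, render_hardened):
        print(fn.__name__, "adds markup:", reflection_adds_markup(fn))
```
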