3 matches found
CVE-2017-18023
Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI...
CVE-2017-18023
Office Tracker 11.2.5 has a Cross-Site Scripting (XSS) vulnerability exposed via the logincount parameter to the /otweb/OTPClientLogin URI. The logincount value is copied into the HTML response as plain text, allowing an attacker to inject arbitrary script (example from public payloads shows a sc...
Office Tracker 11.2.5 Cross Site Scripting
Title: Office Tracker 11.2.5 - XSS Author: Nassim Asrir Contact: [email protected] Vendor: https://www.officetracker.com/ CVE: CVE-2017-18023 Description Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI. ------------------------------------------ Detail...