EUVD-2017-9163

Malware in sbrugna...

Office Tracker 'logincount' Parameter Cross-Site Scripting Vulnerability

Office Tracker is a work scheduling software package. The software features appointment scheduling, room and facility scheduling, meeting scheduling, and employee scheduling. A cross-site scripting vulnerability exists in Office Tracker version 11.2.5. A remote attacker can exploit this...

CVE-2017-18023

Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI...

CVE-2017-18023

Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI...

Code injection

Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI...

CVE-2017-18023

Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI...

CVE-2017-18023

Office Tracker 11.2.5 has a Cross-Site Scripting (XSS) vulnerability exposed via the logincount parameter to the /otweb/OTPClientLogin URI. The logincount value is copied into the HTML response as plain text, allowing an attacker to inject arbitrary script (example from public payloads shows a sc...

Office Tracker 11.2.5 Cross Site Scripting

Title: Office Tracker 11.2.5 - XSS Author: Nassim Asrir Contact: [email protected] Vendor: https://www.officetracker.com/ CVE: CVE-2017-18023 Description Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI. ------------------------------------------ Detail...