CVE-2017-18023

Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI.