2 matches found
CVE-2019-12724
An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $POST'name' parameter...
CVE-2019-12724
The CVE-2019-12724 entry covers Teclib GLPI’s News plugin (versions up to 1.5.2). A stored XSS flaw exists via the $_POST['name'] parameter, allowing injected script to run in the context of the affected GLPI Web UI. The issue is documented across multiple sources (NVD, Red Hat, CNVD, OSV, CVE Li...