News plugin team

1 exploit Active since Jul 2019
CVE-2019-12724 WRITEUP MEDIUM WRITEUP
Teclib News < 1.5.2 - Stored Cross-Site Scripting via Name Parameter
An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter.
CVSS 6.1