CVE-2019-12724

Published July 10th, 2019

View on NVD ↗

CVSS v3

6.1

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

1

PROJECT

Description

An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter.

pluginsGLPI/news

GLPI Plugin News (alertes page d'accueil)

GitHub

30