1 results (0.001 seconds)
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0
CVE-2019-12724
https://notcve.org/view.php?id=CVE-2019-12724
An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter. Se detectó un problema en el plugin News de Teclib hasta la versión 1.5.2 para GLPI. Permite un ataque de tipo XSS almacenado por medio del parámetro $_POST['nombre']. • https://github.com/pluginsGLPI/news/blob/master/front/alert.form.php https://github.com/pluginsGLPI/news/pull/69 https://github.com/pluginsGLPI/news/releases/tag/1.5.3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •