{"id":"CVE-2019-12724","details":"An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter.","modified":"2026-07-08T15:55:24.886429Z","published":"2019-07-10T14:15:11.137Z","references":[{"type":"ADVISORY","url":"https://github.com/pluginsGLPI/news/blob/master/front/alert.form.php"},{"type":"ADVISORY","url":"https://github.com/pluginsGLPI/news/releases/tag/1.5.3"},{"type":"FIX","url":"https://github.com/pluginsGLPI/news/pull/69"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pluginsglpi/news","events":[{"introduced":"0"},{"last_affected":"21a8b608a5f73df6a5333dcded07d90051fcbf74"},{"fixed":"d7466661edeb02c026bd70eb0095d3590045b479"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"1.5.2"}],"source":["CPE_RANGE","REFERENCES"],"cpe":"cpe:2.3:a:teclib-edition:news:*:*:*:*:*:glpi:*:*"}}],"versions":["1.5.2","1.5.1","1.5.0","1.4.2","1.4.1","1.4.0","1.3.5","1.3.4","1.3.2.5","1.3.2.2","0.90-1.3.1","0.90-1.3","0.90-1.0","0.84-1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12724.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}