An issue exists in the Teclib News plugin up to and including 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter.
teclib-edition news