
CVE-2022-31187: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in glpi-project glpi

Medium
Published: Wed Sep 14 2022 (09/14/2022, 18:00:15 UTC)
Source: CVE
Vendor/Project: glpi-project
Product: glpi

Description

GLPI stands for Gestionnaire Libre de Parc Informatique and is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. Affected versions were found to not properly neutralize HTML tags in the global search context. Users are advised to upgrade to version 10.0.3 to resolve this issue. Users unable to upgrade should disable global search.

AI-Powered Analysis

Last updated: 06/22/2025, 22:50:12 UTC

Technical Analysis

CVE-2022-31187 is a cross-site scripting (XSS) vulnerability classified under CWE-79, affecting the GLPI (Gestionnaire Libre de Parc Informatique) software, specifically versions from 10.0.0 up to but not including 10.0.3. GLPI is an open-source IT asset and service management tool widely used for ITIL service desk operations, license tracking, and software auditing. The vulnerability arises due to improper neutralization of HTML tags in the global search context, meaning that user-supplied input is not correctly sanitized before being rendered on web pages. This flaw allows an attacker to inject malicious scripts into the search results page, which can then be executed in the context of other users’ browsers. Exploitation does not require authentication, as the global search feature is typically accessible to users of the system. The vulnerability was publicly disclosed on September 14, 2022, and users are advised to upgrade to GLPI version 10.0.3, where the issue has been fixed. For those unable to upgrade immediately, disabling the global search feature is recommended as a temporary mitigation. There are no known exploits in the wild at this time, but the nature of XSS vulnerabilities means that exploitation could lead to session hijacking, credential theft, or unauthorized actions performed on behalf of legitimate users.

Potential Impact

For European organizations using GLPI versions prior to 10.0.3, this vulnerability poses a moderate risk to confidentiality and integrity. Successful exploitation could allow attackers to execute arbitrary JavaScript in the context of authenticated users, potentially leading to theft of session cookies, user credentials, or the injection of malicious content. This could compromise sensitive IT asset management data, disrupt service desk operations, or facilitate further lateral movement within the network. While the vulnerability does not directly impact system availability, the indirect consequences of compromised user accounts or data integrity could lead to operational disruptions. Given GLPI’s role in managing IT infrastructure and licenses, exploitation could also affect compliance and auditing processes. The risk is heightened in environments where GLPI is accessible over the internet or within large organizations with many users having access to the global search feature.

Mitigation Recommendations

1. Immediate upgrade to GLPI version 10.0.3 or later, where the vulnerability is patched, is the most effective mitigation.
2. If upgrading is not immediately feasible, disable the global search feature to prevent exploitation of the vulnerable input handling.
3. Implement web application firewall (WAF) rules to detect and block suspicious input patterns targeting the global search functionality.
4. Conduct user awareness training to recognize phishing or social engineering attempts that might leverage this vulnerability.
5. Review and restrict user permissions to limit access to the global search feature only to trusted users.
6. Monitor GLPI logs for unusual search queries or anomalous user activity that could indicate attempted exploitation.
7. Employ Content Security Policy (CSP) headers to reduce the impact of potential XSS attacks by restricting the execution of unauthorized scripts.
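The two defensive points above, output encoding of the search term (the fix class for this CWE-79 issue) and monitoring logs for HTML tags in global search queries (item 6), as an added Python example that is not part of this advisory or of GLPI's own code. The log format, the request path `/front/allassets.php` and the query parameter name `globalsearch` are assumptions, not taken from the advisory; the log lines are constructed samples.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumed, not from the advisory: the global search is logged as a GET
# whose term travels in a query parameter named "globalsearch".
SEARCH_PARAM = "globalsearch"

# Matches anything that looks like an opening or closing HTML tag.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")

# Combined-log style access line (constructed format, not GLPI's own).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \d+'
)

# Constructed sample lines: one ordinary search, one with markup, one unrelated.
SAMPLE_LOG = [
    '10.0.0.5 - alice [14/Sep/2022:18:00:15 +0000] "GET /front/allassets.php?globalsearch=laptop+dell HTTP/1.1" 200 5120',
    '10.0.0.9 - bob [14/Sep/2022:18:01:02 +0000] "GET /front/allassets.php?globalsearch=%3Cb%3Eprinter%3C%2Fb%3E HTTP/1.1" 200 4711',
    '10.0.0.9 - bob [14/Sep/2022:18:01:30 +0000] "GET /front/computer.php HTTP/1.1" 200 3000',
]


def neutralize_search_term(term: str) -> str:
    """Output-encode a search term before echoing it into HTML: the tags
    survive as text, so they render literally instead of being parsed."""
    return html.escape(term, quote=True)


def extract_search_term(target: str):
    """Return the URL-decoded search term from a request target, or None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    values = query.get(SEARCH_PARAM)
    return values[0] if values else None


def flag_suspicious_searches(lines):
    """Detection pass over access-log lines: report global searches whose
    term contains HTML tags, together with the safely encoded rendering."""
    findings = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not a well-formed access line
        term = extract_search_term(match.group("target"))
        if term is None or not TAG_RE.search(term):
            continue  # not a global search, or no markup in the term
        findings.append({"ip": match.group("ip"), "user": match.group("user"),
                         "time": match.group("ts"), "term": term,
                         "safe_render": neutralize_search_term(term)})
    return findings


if __name__ == "__main__":
    for finding in flag_suspicious_searches(SAMPLE_LOG):
        print(finding)
```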


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2022-05-18T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9844c4522896dcbf3d0e

Added to database: 5/21/2025, 9:09:24 AM

Last enriched: 6/22/2025, 10:50:12 PM

Last updated: 8/15/2025, 11:49:30 AM
