
CVE-2022-35945: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in glpi-project glpi

Medium
Published: Wed Sep 14 2022 (09/14/2022, 17:45:12 UTC)
Source: CVE
Vendor/Project: glpi-project
Product: glpi

Description

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. Information associated with a registration key is not properly escaped on the registration key configuration page. It can be used to steal a GLPI administrator's cookie. Users are advised to upgrade to 10.0.3. There are no known workarounds for this issue.

Workarounds

Do not use a registration key created by an untrusted person.

AI-Powered Analysis

Last updated: 06/22/2025, 22:49:41 UTC

Technical Analysis

CVE-2022-35945 is a cross-site scripting (XSS) vulnerability identified in the GLPI (Gestionnaire Libre de Parc Informatique) software, versions 9.5.0 up to but not including 10.0.3. GLPI is an open-source IT asset and service management tool widely used for ITIL service desk functions, license tracking, and software auditing. The vulnerability arises from improper neutralization of input during web page generation, specifically on the registration key configuration page. Information associated with the registration key is not escaped before it is written into the page, so an attacker who controls that information can inject script into it. If an administrator views a crafted registration key entry, that script runs in the administrator's browser session and can be used to steal the administrator's cookies. The vulnerability falls under CWE-79, which covers improper output encoding leading to XSS. Exploitation does not require prior authentication but does require that the attacker can supply or influence the registration key data viewed by an administrator. There are no known workarounds other than avoiding the use of registration keys from untrusted sources. The vendor has addressed this vulnerability in GLPI version 10.0.3, and users are strongly advised to upgrade to this or a later version to mitigate the risk. No known exploits have been reported in the wild as of the publication date, but the potential for cookie theft and subsequent session hijacking poses a significant risk to the confidentiality and integrity of administrative sessions.

Potential Impact

For European organizations using GLPI versions prior to 10.0.3, this vulnerability could lead to unauthorized access to administrative sessions through cookie theft, enabling attackers to perform administrative actions, manipulate IT asset data, or disrupt service desk operations. The compromise of administrative accounts could result in data breaches, unauthorized changes to IT infrastructure management, and potential disruption of IT service management processes. Given GLPI's role in managing licenses, software auditing, and service desk tickets, exploitation could impact operational integrity and availability of IT services. The risk is heightened in environments where GLPI is exposed to untrusted users who can submit registration keys, such as in multi-tenant or externally accessible deployments. Although no active exploitation is known, the medium severity rating reflects the moderate ease of exploitation combined with the significant impact on confidentiality and integrity if successful.

Mitigation Recommendations

1. Immediately upgrade to GLPI version 10.0.3 or later to apply the official patch addressing the XSS vulnerability.
2. Restrict access to the registration key configuration page to trusted administrators only, ideally limiting network exposure through firewalls or VPNs.
3. Implement strict input validation and output escaping on any user-supplied data related to registration keys, if customization is possible.
4. Monitor administrative sessions for unusual activity that could indicate session hijacking attempts.
5. Educate administrators to avoid using registration keys from untrusted sources and to be cautious when reviewing registration key data.
6. Employ Content Security Policy (CSP) headers to reduce the impact of potential XSS attacks by restricting script execution.
7. Regularly audit GLPI logs and configurations for signs of tampering or exploitation attempts.
8. Consider deploying web application firewalls (WAFs) with rules tuned to detect and block XSS payloads targeting GLPI.
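The following is an added illustration of the output-escaping and CSP controls in items 3 and 6 above. It is example code written for this page, not GLPI's own code or its fix: the `e()` helper, the `renderVulnerable`/`renderSafe` functions, the record fields and the sample values are all constructed assumptions. The "before" function interpolates a stored field straight into the markup (the general shape of the flaw described above); the "after" function escapes every field at the point of output, and the CSP header keeps an inline script from executing even if an escape is missed somewhere else.

```php
<?php
declare(strict_types=1);

// Escape a value for an HTML text or attribute context. ENT_QUOTES covers
// both quote styles so the helper is also safe inside attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// "Before": the stored field is interpolated directly into the markup, so a
// hostile value becomes live HTML when an administrator opens the page.
function renderVulnerable(array $reg): string
{
    return "<tr><td>{$reg['key']}</td><td>{$reg['owner']}</td></tr>";
}

// "After": every stored field passes through e() at the point of output,
// so the same value is shown as text rather than interpreted as markup.
function renderSafe(array $reg): string
{
    return '<tr><td>' . e($reg['key']) . '</td><td>' . e($reg['owner']) . '</td></tr>';
}

// Defence in depth: only scripts served from the application's own origin may
// run, so an inline payload that slips past escaping is blocked by the browser.
function cspHeader(): string
{
    return "Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'";
}

// Constructed sample record (not real GLPI data); the owner field carries a
// harmless demonstration payload to show the difference between the renderers.
$registration = [
    'key'   => 'EXAMPLE-KEY-0000',                // placeholder, not a real key
    'owner' => '<script>alert("xss")</script>',   // constructed hostile value
];

if (PHP_SAPI === 'cli') {
    // Run from the command line to compare the two renderings side by side.
    echo "vulnerable: ", renderVulnerable($registration), PHP_EOL;
    echo "safe:       ", renderSafe($registration), PHP_EOL;
    echo "header:     ", cspHeader(), PHP_EOL;
} elseif (!headers_sent()) {
    // Served through a web server: emit the CSP header before any body output.
    header(cspHeader());
    echo '<table>', renderSafe($registration), '</table>';
}
```

Run with `php example.php` to see that `renderVulnerable` emits the `<script>` tag verbatim while `renderSafe` emits `&lt;script&gt;...`, which the browser displays as text. The CSP is a second layer, not a substitute for escaping: it limits what an injected script can do, but the escaping at output time is what removes the vulnerability.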


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2022-07-15T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9844c4522896dcbf3d1e

Added to database: 5/21/2025, 9:09:24 AM

Last enriched: 6/22/2025, 10:49:41 PM

Last updated: 8/4/2025, 12:55:01 AM
