
CVE-2022-39372: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in glpi-project glpi

Medium
Published: Thu Nov 03 2022 (11/03/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: glpi-project
Product: glpi

Description

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Authenticated users may store malicious code in their account information. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds.

AI-Powered Analysis

Last updated: 06/22/2025, 14:36:21 UTC

Technical Analysis

CVE-2022-39372 is a cross-site scripting (XSS) vulnerability affecting the GLPI (Gestionnaire Libre de Parc Informatique) software, versions from 0.70 up to but not including 10.0.4. GLPI is an open-source IT asset and service management tool widely used for ITIL service desk functions, license tracking, and software auditing. The vulnerability arises due to improper neutralization of input during web page generation (CWE-79) and improper neutralization of script-related HTML tags (CWE-80). Specifically, authenticated users can inject malicious scripts into their account information fields, which are then rendered without proper sanitization. This flaw allows the execution of arbitrary JavaScript in the context of other users' browsers when they view the affected content. Although exploitation requires authentication, the impact includes potential session hijacking, privilege escalation, or unauthorized actions performed on behalf of legitimate users. The vulnerability was publicly disclosed on November 3, 2022, and has been patched in GLPI version 10.0.4. No known exploits have been reported in the wild, and no workarounds exist aside from upgrading. The vulnerability is significant because GLPI is often deployed in enterprise environments managing critical IT infrastructure, making it a valuable target for attackers aiming to compromise internal systems or gain footholds within organizational networks.

Potential Impact

For European organizations, the impact of CVE-2022-39372 can be substantial due to GLPI's role in managing IT assets and service desks. Successful exploitation could lead to unauthorized access to sensitive IT management data, manipulation of service tickets, or disruption of IT operations. Attackers could leverage the XSS vulnerability to steal session cookies, perform actions with the privileges of legitimate users, or deliver further payloads such as malware. This could compromise the confidentiality and integrity of IT management processes, potentially leading to broader network compromise. Because exploitation requires an authenticated account, insider threats and compromised user accounts pose the higher risk. The availability impact is moderate but could escalate if attackers disrupt IT service management workflows. European organizations with GLPI deployments in sectors such as government, finance, healthcare, and critical infrastructure are particularly at risk due to the sensitive nature of the managed data and regulatory requirements around data protection and operational continuity.

Mitigation Recommendations

The primary and most effective mitigation is to upgrade GLPI installations to version 10.0.4 or later, where the vulnerability has been patched. Organizations should prioritize this upgrade in their patch management cycles. Additionally, implement strict access controls and monitoring to limit the number of users with permissions to modify account information fields. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious input patterns related to script injection in GLPI interfaces. Conduct regular security awareness training to reduce the risk of credential compromise that could enable authenticated exploitation. Review and harden session management policies to minimize the impact of stolen session tokens. Finally, perform routine security assessments and code reviews for custom plugins or integrations with GLPI to ensure they do not introduce similar vulnerabilities.
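The analysis above describes the root cause (stored account fields rendered without output encoding) and the mitigations (upgrade, access control, and review of custom code). The following Python example, added here and not taken from GLPI's code base, shows the illustrative vulnerable rendering pattern beside its hardened form, plus a small audit routine a defender can run over stored account data to find script-related markup that was saved before the upgrade. The account field names (`login`, `realname`, `comment`) and the sample records are constructed for the example.

```python
import html
import re

# Constructed sample of stored account fields, as a user might submit them
# through an account/profile form. Sample data only, not taken from GLPI.
SAMPLE_ACCOUNTS = [
    {"login": "alice", "realname": "Alice Example", "comment": "Desk 4B"},
    {
        "login": "mallory",
        "realname": "Mallory <script>alert('stored xss')</script>",
        "comment": '<b onmouseover="alert(1)">hover me</b>',
    },
]

# Patterns that indicate script-related HTML (CWE-80) in a stored value:
# a <script> tag, an on*= event-handler attribute, or a javascript: URL.
SCRIPT_MARKUP = re.compile(
    r"<\s*script\b|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE
)


def render_profile_vulnerable(account: dict) -> str:
    """Illustrative vulnerable pattern (not GLPI's actual template): stored
    values are interpolated into HTML as-is, so any markup a user saved is
    executed in the browser of whoever views the profile."""
    return (
        f"<tr><td>{account['login']}</td>"
        f"<td>{account['realname']}</td>"
        f"<td>{account['comment']}</td></tr>"
    )


def render_profile_safe(account: dict) -> str:
    """Hardened form: every stored value is HTML-escaped at output time.
    quote=True also escapes quotes, so values stay safe inside attributes."""

    def esc(value) -> str:
        return html.escape(str(value), quote=True)

    return (
        f"<tr><td>{esc(account['login'])}</td>"
        f"<td>{esc(account['realname'])}</td>"
        f"<td>{esc(account['comment'])}</td></tr>"
    )


def find_script_markup(account: dict) -> list:
    """Return the names of fields whose stored value contains script-related
    markup. Intended for auditing data written before the fix was applied."""
    return [
        field for field, value in account.items()
        if SCRIPT_MARKUP.search(str(value))
    ]


def audit_accounts(accounts: list) -> dict:
    """Map each login to its suspicious fields; clean accounts are omitted."""
    findings = {}
    for account in accounts:
        fields = find_script_markup(account)
        if fields:
            findings[account["login"]] = fields
    return findings


if __name__ == "__main__":
    for account in SAMPLE_ACCOUNTS:
        print("vulnerable:", render_profile_vulnerable(account))
        print("escaped:   ", render_profile_safe(account))
    print("audit:", audit_accounts(SAMPLE_ACCOUNTS))
```

The escaping happens at output time rather than on input, which is the durable fix: it neutralizes whatever is already in the database, not only what arrives through the form. The audit routine complements the upgrade by surfacing accounts that carry injected markup so they can be cleaned up and their owners investigated.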


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2022-09-02T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9846c4522896dcbf49a1

Added to database: 5/21/2025, 9:09:26 AM

Last enriched: 6/22/2025, 2:36:21 PM

Last updated: 7/27/2025, 12:30:07 AM
