CVE-2022-39373: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in glpi-project glpi

Medium
Published: Thu Nov 03 2022 (11/03/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: glpi-project
Product: glpi

Description

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Administrator may store malicious code in entity name. This issue has been patched, please upgrade to version 10.0.4.

AI-Powered Analysis

Last updated: 06/22/2025, 14:36:10 UTC

Technical Analysis

CVE-2022-39373 is a cross-site scripting (XSS) vulnerability classified under CWE-79, affecting the GLPI (Gestionnaire Libre de Parc Informatique) software, an open-source IT asset and service management tool widely used for ITIL service desk functions, license tracking, and software auditing. The vulnerability exists in versions 10.0.0 up to but not including 10.0.4. Specifically, the flaw arises from improper neutralization of input during web page generation, where an administrator can store malicious code within the entity name field. This malicious input is not adequately sanitized or encoded before being rendered in the web interface, enabling the injection and execution of arbitrary JavaScript code in the context of users viewing the affected pages. Exploiting this vulnerability could allow an attacker with administrative privileges to execute scripts that may hijack user sessions, steal sensitive information, or perform actions on behalf of other users. Although exploitation requires administrative access to inject the malicious payload, the vulnerability poses a risk to the confidentiality and integrity of data managed within GLPI. The issue has been addressed in GLPI version 10.0.4, and users are advised to upgrade to this or later versions to mitigate the risk. There are no known exploits in the wild at this time, but the presence of this vulnerability in an IT management platform used by organizations makes it a potential target for attackers aiming to compromise internal IT infrastructure.

Potential Impact

For European organizations, the impact of CVE-2022-39373 can be significant, especially for those relying on GLPI for managing IT assets, service desks, and software licenses. Successful exploitation could lead to unauthorized script execution within the GLPI web interface, potentially resulting in session hijacking, unauthorized data access, or manipulation of IT asset records. This could disrupt IT service management workflows, compromise sensitive organizational data, and facilitate further lateral movement within the network. Given that GLPI is often used in environments with privileged access to critical IT infrastructure, the vulnerability could indirectly affect the availability and integrity of broader IT services. While exploitation requires administrative privileges, insider threats or compromised administrator accounts could leverage this vulnerability to escalate attacks. The absence of known active exploits reduces immediate risk, but the medium severity rating indicates a need for timely remediation to prevent potential exploitation.

Mitigation Recommendations

1. Immediate upgrade of GLPI installations to version 10.0.4 or later to apply the official patch addressing this vulnerability.
2. Implement strict access controls and monitoring on administrator accounts to prevent unauthorized access or misuse.
3. Conduct regular audits of entity names and other input fields to detect and remove any suspicious or malicious content.
4. Employ web application firewalls (WAFs) with rules tailored to detect and block XSS payloads targeting GLPI interfaces.
5. Educate administrators and users on safe input handling and the risks of injecting untrusted content.
6. Enable Content Security Policy (CSP) headers on GLPI web servers to restrict the execution of unauthorized scripts.
7. Monitor GLPI logs for unusual activities that could indicate attempted exploitation.
8. Where possible, isolate GLPI servers within segmented network zones to limit the impact of a potential compromise.
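The following is an added example, not code from GLPI or from this advisory. It illustrates two points above: the CWE-79 pattern from the Technical Analysis (a stored entity name written into HTML without encoding, shown beside the encoded form) and mitigation 3 (an audit pass over stored entity names that flags anything resembling markup). The entity rows and the `/entity/{id}` link path are constructed placeholders, and the detection patterns are a heuristic, not GLPI's own logic.

```python
from __future__ import annotations
import html
import re
from typing import Iterable

# Heuristic patterns for text that should never appear in a human-readable
# entity name. Deliberately broad: a false positive costs a manual look, a
# false negative leaves a stored payload in the database.
_SUSPICIOUS = [
    (re.compile(r"<\s*/?\s*[a-zA-Z!?]"), "html tag"),
    (re.compile(r"\bon[a-zA-Z]+\s*="), "inline event handler"),
    (re.compile(r"javascript\s*:", re.IGNORECASE), "javascript: URI"),
    # Entity-encoded markup may be decoded by a template before output.
    (re.compile(r"&#x?[0-9a-fA-F]+;?|&[a-zA-Z]+;"), "html entity"),
]

# Constructed sample rows (id, name); not real GLPI records. Row 4 shows that
# ordinary "&" in a legitimate name is not flagged, only encoded.
SAMPLE_ENTITY_ROWS = [
    (1, "Root entity"),
    (2, "R&D - Paris <script>alert(1)</script>"),
    (3, "Sales &lt;img src=x onerror=alert(1)&gt;"),
    (4, "Müller & Söhne GmbH"),
]

def classify_entity_name(name: str) -> list[str]:
    """Return the reasons an entity name looks like markup rather than text."""
    return [reason for pattern, reason in _SUSPICIOUS if pattern.search(name)]

def audit_entity_names(rows: Iterable[tuple[int, str]]) -> list[tuple[int, str, list[str]]]:
    """Mitigation 3: list (id, name, reasons) for rows that need review."""
    return [(eid, name, reasons) for eid, name in rows
            if (reasons := classify_entity_name(name))]

def render_entity_link_unsafe(eid: int, name: str) -> str:
    """The CWE-79 shape: stored text concatenated straight into HTML."""
    return f'<a href="/entity/{eid}">{name}</a>'  # placeholder path

def render_entity_link(eid: int, name: str) -> str:
    """Corrected shape: HTML-encode the stored value at the point of output."""
    return f'<a href="/entity/{int(eid)}">{html.escape(name, quote=True)}</a>'

if __name__ == "__main__":
    for eid, name, reasons in audit_entity_names(SAMPLE_ENTITY_ROWS):
        print(f"entity {eid}: {reasons!r} -> stored as {render_entity_link(eid, name)}")
```

The audit is a stop-gap for finding payloads already stored by an administrator; the durable fix remains upgrading to 10.0.4, where the output encoding shown in `render_entity_link` is applied by the application itself.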

Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2022-09-02T00:00:00.000Z
Cisa Enriched
true

Threat ID: 682d9846c4522896dcbf49ae

Added to database: 5/21/2025, 9:09:26 AM

Last enriched: 6/22/2025, 2:36:10 PM

Last updated: 7/29/2025, 6:22:29 PM
