CVE-2022-39372: 
GLPI vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability was discovered in GLPI (Gestionnaire Libre de Parc Informatique), an open-source IT Asset Management Software. The vulnerability, identified as CVE-2022-39372, allows authenticated users to store malicious code in their account information. The issue affects GLPI versions from 0.70 and was patched in version 10.0.4 (GitHub Advisory).

The vulnerability is classified as a CWE-80 type weakness. According to the CVSS v3.1 scoring system, it has a base score of 3.5 (Low severity) with the following metrics: Attack Vector (AV): Network, Attack Complexity (AC): Low, Privileges Required (PR): Low, User Interaction (UI): Required, Scope (S): Unchanged, Confidentiality Impact (C): Low, Integrity Impact (I): None, and Availability Impact (A): None (GitHub Advisory).

The vulnerability allows authenticated users to potentially store and execute malicious code through their account information, which could lead to a compromise of data confidentiality. However, the impact is limited as it requires user interaction and only affects the confidentiality aspect with a low severity (GitHub Advisory).

The vulnerability has been patched in GLPI version 10.0.4. Users are advised to upgrade to this version or later to mitigate the security risk (GitHub Advisory).