CVE-2022-39262

Stored Cross-Site Scripting (XSS) on login page in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package. A GLPI administrator can define rich-text content to be displayed on the login page. The displayed content can contain malicious code that can be used to steal credentials. This issue has been patched; please upgrade to version 10.0.4.


We have discovered 47 live websites that are affected by CVE-2022-39262.





Affected Software

Product  GLPI
Category  Help desk
Vulnerable Domains  47 live websites (100% of GLPI install base)
Vulnerable Versions  from 0 through 10.0.4
Vulnerable Versions Count  9 versions (100% of all versions)


Common Weakness Enumeration

CWE-83 Improper Neutralization of Script in Attributes in a Web Page



Details

  • Published - Nov 3, 2022
  • Updated - Apr 22, 2025

Website Distribution by Country

Number of websites affected by CVE-2022-39262
United States  5 websites
Brazil  10 websites
Russia  6 websites
France  5 websites
Colombia  4 websites
New Zealand  3 websites
GB  2 websites
Italy  2 websites
Poland  2 websites
Turkey  2 websites

Website Distribution by TLD

Number of websites affected by CVE-2022-39262
.com  8 websites
.com.br  6 websites
.ru  6 websites
.fr  3 websites
.co  2 websites
.pl  2 websites
.be  1 website
.eu  1 website
.it  1 website
.net  1 website


Websites affected by CVE-2022-39262

Top websites that are affected by CVE-2022-39262.

FAQ

CVE-2022-39262 is an Improper Neutralization of Script in Attributes in a Web Page vulnerability in GLPI.
A total of 47 websites have been identified as vulnerable to CVE-2022-39262, based on global website indexing conducted by WebTechSurvey.
GLPI is affected by the CVE-2022-39262 vulnerability.
GLPI versions up to 10.0.4 are vulnerable to CVE-2022-39262.
CVE-2022-39262 is resolved in version 10.0.4 of GLPI.