By combining AI with human insight, Armis Vulnerability Intelligence Database offers extended coverage for the vulnerabilities that matter to you and your industry, and provides clear remediation instructions.
Take These Insights to the Next Level
Armis now offers direct API access to Armis Vulnerability Intelligence Database through the AWS Marketplace, transforming it from a powerful research tool into an integrated component of your proactive security posture.
Seamless Integration: Directly feed Armis's contextual data into your existing stack.
Automated Workflows: Automate vulnerability lookups in real-time.
Custom Solutions: Use the raw data to build custom dashboards, reports, alerts.
CVE-2022-1819:
CVE-2022-1819 | Medium Severity | Armis
A stored cross-site scripting (XSS) vulnerability exists in the Student Information System 1.0, specifically in the Student Roll module (admin/?page=students). An authenticated attacker with admin privileges can inject a script payload (for example, alert(1)) that is stored and executed when other admins view the affected page. Exploit details have been publicly disclosed. CVSS v3.1 base score 2.4 (Low); attack vector Network, privileges required High, user interaction Required, with no impact on confidentiality or availability and a low impact on integrity.
Score
A numerical rating that indicates how dangerous this vulnerability is.
4.8 Medium
Published Date: May 24, 2022
CISA KEV Date: *No Data*
Industries Affected: 20
Threat Predictions
EPSS Score: 0.3
EPSS Percentile: 57%
Exploitability
Score: 1.7
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Impact
Score: 2.7
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Overview
An authenticated stored cross-site scripting vulnerability affects the Student Information System 1.0, in the Student Roll module's admin page (admin/?page=students). A payload injection such as alert(1) can be stored and subsequently executed in the browsers of other administrators who load the page, leading to XSS. The issue has been publicly disclosed and carries CVSS v3.1 metrics of 2.4 (Low) with high privileges required and user interaction necessary; the impact is limited to integrity with no confidentiality or availability impact.
Remediation
- Apply the vendor's patch or upgrade to a version where the vulnerability is fixed. Check for any security advisories from the vendor and apply the appropriate update.
- Implement input validation and output encoding on the Student Roll module, especially for admin/?page=students, to ensure all user-supplied data is properly escaped before rendering.
- Use proper server-side escaping or sanitization for all fields that accept user input to prevent script injection.
- Enable a strict Content Security Policy (CSP) that disallows inline scripts and restricts script sources to trusted origins (e.g., script-src 'self').
- Deploy a Web Application Firewall (WAF) with rules to detect and block XSS payloads and unusual script-like inputs targeting the admin interface.
- Enforce least-privilege access for admin accounts and review roles to ensure only trusted administrators can access the Student Roll module.
- After applying fixes, perform targeted security testing with XSS payloads (including common inline scripts) to verify mitigation effectiveness.
- Monitor logs and alerts for attempts to exploit XSS and conduct a post-remediation review to confirm no stored payloads remain.