CVE-2022-1840 | Medium Severity | Armis
CVE-2022-1840:
Cross-site scripting (CWE-79) vulnerability in Home Clean Services Management System 1.0 that allows injection and execution of arbitrary JavaScript via the registration flow (register.php?link=register). The payload example alert(1) demonstrates the issue. Exploitation requires authentication and can be triggered over the network; CVSSv3.1 base score is 2.4 (low).
Score
A numerical rating that indicates how dangerous this vulnerability is.
4.8 Medium
Published Date: May 24, 2022
CISA KEV Date: *No Data*
Industries Affected: 20
Threat Predictions
EPSS Score: 0.3
EPSS Percentile: 53%
Exploitability
Score: 1.7
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Impact
Score: 2.7
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Overview
The Home Clean Services Management System 1.0 contains a cross-site scripting vulnerability in its registration flow: user input on the register page is reflected back to the user without safeguards, enabling execution of arbitrary scripts. The issue requires authentication and can be leveraged over the network, though the overall impact is rated low (CVSSv3.1 base score 2.4). The weakness stems from insufficient input validation and output escaping for user-supplied content on the register page.
Remediation
- Apply vendor patch or upgrade to a fixed version as provided by the vendor; verify whether a security update exists for the Home Clean Services Management System.
- Implement robust server-side input validation and output encoding on register.php?link=register to neutralize or escape all user-supplied data before rendering.
- Adopt proper HTML escaping (entity encoding) for any user-provided content reflected back in the UI; avoid allowing unsanitized input to be stored and later displayed as HTML.
- Implement a Content Security Policy (CSP) and other anti-XSS headers to reduce the impact of any potential injection.
- Introduce or tune a Web Application Firewall (WAF) with rules to detect and block XSS payloads, including common script tags and event handlers.
- Enforce strict access controls around the registration functionality; ensure authenticated users have only the necessary privileges and consider additional authentication/authorization checks for the registration flow if applicable.
- Conduct targeted testing using representative XSS payloads (including ...) to verify that input is properly sanitized and output is encoded.
- Review logging and monitoring to detect attempted XSS payloads and alert on suspicious patterns.
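
The validation, output-encoding and CSP steps above, sketched in PHP as an added example (not code from the application or from Armis). The field name `firstname` and every function name are assumptions, since the page does not say which registration field is reflected.

```php
<?php
declare(strict_types=1);
// Added illustration: 'firstname' and all function names are hypothetical,
// not taken from the Home Clean Services Management System source.

/** Entity-encode a value for HTML text or a quoted attribute (quotes included). */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Allow-list validation: 1-100 letters, marks, spaces, dots, apostrophes, hyphens. */
function valid_name(string $raw): bool
{
    return preg_match("/\\A[\\p{L}\\p{M} .'-]{1,100}\\z/u", trim($raw)) === 1;
}

/** CSP with a per-response nonce, so injected inline script is not executed. */
function csp_header(string $nonce): string
{
    return "Content-Security-Policy: default-src 'self'; "
         . "script-src 'self' 'nonce-{$nonce}'; object-src 'none'; base-uri 'self'";
}

/** Render the field; the submitted value is encoded whether or not it validated. */
function render_field(string $raw): string
{
    $html = '<input type="text" name="firstname" value="' . e($raw) . '">';
    if ($raw !== '' && !valid_name($raw)) {
        $html .= "\n" . '<p class="error">Rejected value: ' . e($raw) . '</p>';
    }
    return $html;
}

$nonce = base64_encode(random_bytes(16));
if (PHP_SAPI !== 'cli') {           // headers only make sense under a web SAPI
    header(csp_header($nonce));
    header('X-Content-Type-Options: nosniff');
}

// Vulnerable pattern (CWE-79), shown only for contrast:
//   echo '<input name="firstname" value="' . $_POST['firstname'] . '">';

$submitted = $_POST['firstname'] ?? '<script>alert(1)</script>'; // constructed sample
echo render_field(is_string($submitted) ? $submitted : ''), PHP_EOL;
```

Run from the command line, the script prints the field with the sample value entity-encoded (`&lt;script&gt;...`), which is the result the targeted-testing step should confirm in the real page.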