Skip to main content

Student Information System CVE-2022-1819

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2022-05-24 cna@vuldb.com
4.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
May 24, 2022 - 06:15 nvd
MEDIUM 4.8

DescriptionNVD

A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is admin/?page=students of the Student Roll module. The manipulation with the input <script>alert(1)</script> leads to authenticated cross site scripting. Exploit details have been disclosed to the public.

AnalysisAI

A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is admin/?page=students of the Student Roll module. The manipulation with the input <script>alert(1)</script> leads to authenticated cross site scripting. Exploit details have been disclosed to the public. Affected products include: Student Information System Project Student Information System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2023-5008 CRITICAL POC
9.8 Dec 08

Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter

CVE-2025-25948 CRITICAL POC
9.1 Mar 03

Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Info

CVE-2023-5011 HIGH POC
8.8 Dec 20

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severi

CVE-2023-5010 HIGH POC
8.8 Dec 20

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severi

CVE-2023-5007 HIGH POC
8.8 Dec 20

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severi

CVE-2023-4122 HIGH POC
8.8 Dec 07

Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-pr

CVE-2024-53636 MEDIUM POC
6.4 Apr 26

An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.

CVE-2020-13278 MEDIUM POC
6.1 Aug 12

Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remo

CVE-2022-2797 CRITICAL
9.8 Aug 12

A vulnerability classified as critical was found in SourceCodester Student Information System. Rated critical severity (

CVE-2025-15053 MEDIUM POC
5.5 Dec 24

A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the

CVE-2025-25949 MEDIUM POC
5.4 Mar 03

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS

CVE-2025-15052 LOW POC
2.0 Dec 24

Cross-site scripting (XSS) via unsanitized firstname and lastname parameters in /profile.php of code-projects Student In

Share

CVE-2022-1819 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy