Medium severity5.4NVD Advisory· Published May 2, 2023· Updated Jun 17, 2026
CVE-2023-31434
CVE-2023-31434
Description
The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- evasys/evasysdescription
Patches
Vulnerability mechanics
References
1- cves.at/posts/cve-2023-31434/writeup/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.