VYPR
Medium severity5.4NVD Advisory· Published May 2, 2023· Updated Jun 17, 2026

CVE-2023-31434

CVE-2023-31434

Description

The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • evasys/evasysdescription
  • Evasys/evasysllm-fuzzy
    Range: <8.2 Build 2286, <9.0 Build 2401

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.