CVE-2023-31434

MEDIUM

evasys < 8.2 Build 2286 and 9.x < 9.0 Build 2401 - Authenticated Stored Cross-Site Scripting via User Profile Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-31434. PoCs published by trustcves.

AI-analyzed exploit summary: This repository contains a detailed technical writeup for CVE-2023-31434, which describes stored and reflected XSS vulnerabilities in Evasys. The writeup includes proof-of-concept payloads, execution points, and a vendor contact timeline, demonstrating a thorough understanding of the vulnerability.

Description

The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML code and XSS payloads in multiple locations.

Exploits (1)

nomisec WRITEUP
by trustcves · poc
https://github.com/trustcves/CVE-2023-31434

Classification: Writeup 100%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: Evasys v8.2 Build 2275-2285 and v9.0 Build 2400
Auth required
Prerequisites: Access to user profile fields or a Trainer role
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory
https://cves.at/posts/cve-2023-31434/writeup/

Scores

CVSS v3 5.4
EPSS 0.0047
EPSS Percentile 36.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
evasys/evasys 8.2
evasys/evasys 9.0
Published May 02, 2023
Tracked Since Feb 18, 2026