CVE-2023-34840: GitHub - Xh4H/CVE-2023-34840: XSS in angular-ui-notification

angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 were discovered to contain a cross-site scripting (XSS) vulnerability.


CVE-2023-34840

Vulnerability Explanation

All versions of angular-ui-notification are vulnerable to XSS because the library does not sanitize the input provided by the user.

In order to safely use this library, sanitizing / encoding the parameters passed to this library is highly recommended, such as the following:

    private sanitizeHTML(str: string) {
      // Encode every character other than word characters, '.' and space as a numeric HTML entity
      return str.replace(/[^\w. ]/gi, (c) => `&#${c.charCodeAt(0)};`);
    }

Exploitation

Say the library has already been imported and is currently being used by a project. The usage of this library could look like the following:

    private showNotification(message: string, delay: number, type: NotificationType) {
      this.Notification.clearAll();

      this.Notification[type]({ message, delay, replaceMessage: true });
    }

If the frontend were to pass any user input directly to the message parameter, any <script> tag would be enough to perform an XSS attack.

A simple <script>alert(1)</script> would be enough.
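The recommended encoding applied at the single point where the application calls the library, as an added example that is not code from the advisory or from angular-ui-notification. It is plain JavaScript so it runs under Node; `makeSafeNotifier`, `encodeForHtml` and the recording stand-in service are hypothetical names, and encoding `title` as well as `message` is an assumption of this example.

```javascript
// Added example: output-encoding wrapper placed in front of the notification service.
const TYPES = ["primary", "info", "success", "warning", "error"];

// Same allow-list as the advisory's sanitizeHTML (word characters, '.', space),
// but matched per code point (`u` flag), so a character outside the BMP becomes
// one valid numeric reference instead of two lone-surrogate references.
function encodeForHtml(value) {
  return String(value).replace(/[^\w. ]/gu, (ch) => `&#${ch.codePointAt(0)};`);
}

// Wraps the service so every text field is encoded before the library sees it.
// Accepts the options-object form used above and a bare string message.
function makeSafeNotifier(notification) {
  return function notify(type, options) {
    if (!TYPES.includes(type)) {
      throw new TypeError(`unknown notification type: ${type}`);
    }
    const opts = typeof options === "string" ? { message: options } : { ...options };
    for (const field of ["message", "title"]) {
      if (opts[field] !== undefined) opts[field] = encodeForHtml(opts[field]);
    }
    notification.clearAll();
    return notification[type]({ ...opts, replaceMessage: true });
  };
}

// Constructed stand-in for the injected service: records calls instead of rendering.
function makeFakeNotification() {
  const calls = [];
  const svc = { calls, clearAll() {} };
  for (const t of TYPES) svc[t] = (o) => { calls.push({ type: t, ...o }); return o; };
  return svc;
}

function demo() {
  const fake = makeFakeNotification();
  const notify = makeSafeNotifier(fake);
  notify("error", { message: "<script>alert(1)</script>", delay: 3000 }); // constructed input
  notify("info", "Saved \u{1F600}"); // constructed input with a non-BMP character
  return fake.calls.map((c) => c.message);
}
```

Routing every call through one wrapper means a new call site cannot forget the encoding step, which is the failure mode when each component sanitizes on its own.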

Tested on

  • https://github.com/alexcrack/angular-ui-notification - 0.1.0
  • https://github.com/alexcrack/angular-ui-notification - 0.2.0
  • https://github.com/alexcrack/angular-ui-notification - 0.3.6

Discovered by

Xh4H

Final notes

The project does not seem to be maintained anymore, so I highly suggest using maintained alternatives.
