Cross-Site Scripting Vulnerability in Angular-UI Notification by Alexcrack
CVE-2023-34840

6.1MEDIUM

Key Information:

Vendor: Angular-ui-notification Project
Status: Angular-ui-notification
Vendor: CVE Published:; 30 June 2023

🔔 Create Angular-ui-notification Project Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-34840?

The angular-ui-notification library versions v0.1.0, v0.2.0, and v0.3.6 contain a cross-site scripting (XSS) vulnerability that can allow malicious actors to inject arbitrary scripts into web pages viewed by users. This can result in unauthorized actions on behalf of users, data theft, or other malicious activities. Developers using these affected versions are advised to update to the latest version to mitigate the risk of exploitation.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-34840
Created by Xh4H

References

http://alexcrack.com

https://github.com/alexcrack/angular-ui-notification

https://github.com/Xh4H/CVE-2023-34840

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2023
🟡
Public PoC available
Jun 27, 2023
👾
Exploit known to exist
Jun 27, 2023
Vulnerability Reserved
Jun 7, 2023

CVE-2023-34840 Data

JSON