XSS in angular-ui-notification

# CVE-2023-34840
## Vulnerability Explanation
All versions of [angular-ui-notification](https://github.com/alexcrack/angular-ui-notification) are vulnerable to XSS because the library does not sanitize the input provided by the user.
To use this library safely, sanitizing or encoding the parameters passed to it is **highly** recommended, for example:
```ts
// Replaces every character other than word characters, '.' and ' '
// with its numeric HTML character reference.
private sanitizeHTML(str: string) {
  return str.replace(/[^\w. ]/gi, (c) => `&#${c.charCodeAt(0)};`);
}
```
## Exploitation
Say the library has already been imported and is currently being used by a project. The usage of this library could look like the following:
```ts
// `message` reaches the library unmodified, so it is rendered as HTML.
private showNotification(message: string, delay: number, type: NotificationType) {
  this.Notification.clearAll();
  this.Notification[type]({
    message,
    delay,
    replaceMessage: true
  });
}
```
If the frontend were to pass any user input directly to the `message` parameter, any `<script>` tag would be enough to perform an XSS attack.
A simple `<script>alert(1)</script>` would be enough.
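
The mitigation above applied at the call site, as an added example that is not part of the original README or the library. `NotifyOptions`, `NotifyFn`, `encodeForHtml` and `safeNotify` are hypothetical names, and `title` is assumed to be rendered the same way as `message`; the encoder also handles surrogate pairs, which the `charCodeAt` version turns into two invalid references.

```typescript
// Added example: encode untrusted text before it reaches the notification service.
// All names below are hypothetical and not part of angular-ui-notification.
type NotifyOptions = {
  message: string;
  title?: string; // assumption: rendered as HTML like `message`
  delay?: number;
  replaceMessage?: boolean;
};
type NotifyFn = (opts: NotifyOptions) => unknown;

// Same allow-list as the README's sanitizeHTML (word characters, '.' and ' '),
// but a surrogate pair is encoded as ONE reference to its real code point
// instead of two references to lone surrogates.
function encodeForHtml(value: unknown): string {
  const text = value == null ? "" : String(value);
  return text.replace(/[\uD800-\uDBFF][\uDC00-\uDFFF]|[^\w. ]/g, (c) => {
    const codePoint =
      c.length === 2
        ? (c.charCodeAt(0) - 0xd800) * 0x400 + (c.charCodeAt(1) - 0xdc00) + 0x10000
        : c.charCodeAt(0);
    return `&#${codePoint};`;
  });
}

// Wraps one method of the service (for example Notification.error) so that
// every text field is encoded before the library sees it.
function safeNotify(notify: NotifyFn, opts: NotifyOptions): NotifyOptions {
  const encoded: NotifyOptions = { ...opts, message: encodeForHtml(opts.message) };
  if (opts.title !== undefined) {
    encoded.title = encodeForHtml(opts.title);
  }
  notify(encoded);
  return encoded;
}
```

Messages that intentionally contain markup are shown as literal text after this encoding.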
## Tested on
- https://github.com/alexcrack/angular-ui-notification - 0.1.0
- https://github.com/alexcrack/angular-ui-notification - 0.2.0
- https://github.com/alexcrack/angular-ui-notification - 0.3.6
## Discovered by
Xh4H
## Final notes
The project does not seem to be maintained anymore, so I highly suggest using maintained alternatives.