CVE-2023-34840

MEDIUM

angular-ui-notification < 0.3.6 - Stored Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-34840. PoCs published by Xh4H.

AI-analyzed exploit summary This repository provides a detailed explanation of CVE-2023-34840, an XSS vulnerability in the angular-ui-notification library due to lack of input sanitization. It includes exploitation details and mitigation recommendations.

Description

angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting (XSS) vulnerability.

Exploits (1)

nomisec WRITEUP 3 stars

by Xh4H · poc

https://github.com/Xh4H/CVE-2023-34840

View Code ZIP pw:eip

This repository provides a detailed explanation of CVE-2023-34840, an XSS vulnerability in the angular-ui-notification library due to lack of input sanitization. It includes exploitation details and mitigation recommendations.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: angular-ui-notification (versions 0.1.0, 0.2.0, 0.3.6)

No auth needed

Prerequisites: User input passed directly to the 'message' parameter in the library

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Broken Link

http://alexcrack.com

Exploit, Third Party Advisory

https://github.com/Xh4H/CVE-2023-34840

Product

https://github.com/alexcrack/angular-ui-notification

Scores

CVSS v3 6.1

EPSS 0.0031

EPSS Percentile 54.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

angular-ui-notification_project/angular-ui-notification < 0.3.6

npm/angular-ui-notification 0.1.0npm

Published Jun 30, 2023

Tracked Since Feb 18, 2026