angular-ui-notification Cross-site Scripting vulnerability

Description

angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting (XSS) vulnerability.

Recommendation

No fix is available yet. Followings are affected versions:

• >= 0.1.0, <= 0.3.6

References

• GHSA-mrcj-5qxr-vhp2
• alexcrack.com
• CVE-2023-34840
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Vite's `server.fs` settings were not applied to HTML files - CVE-2025-58752
• Trix editor subject to XSS vulnerabilities on copy & paste - CVE-2024-53847
• Knwl.js Regular Expression Denial of Service vulnerability - CVE-2020-26306
• VvvebJs Reflected Cross-Site Scripting (XSS) vulnerability - CVE-2024-29271

Tags:

npm

angular-ui-notification