Lucene search
K

5 matches found

NVD
NVD
added 2026/03/27 10:16 p.m.8 views

CVE-2026-33943

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...

9.8CVSS0.00788EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/03/27 9:15 p.m.7 views

CVE-2026-33943 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...

8.8CVSS6.1AI score0.00788EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/27 9:15 p.m.31 views

CVE-2026-33943 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...

8.8CVSS0.00788EPSS
Exploits1References3
OSV
OSV
added 2026/03/26 10:22 p.m.3 views

GHSA-6Q6H-J7HJ-3R64 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Summary A code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions inside export declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content...

8.8CVSS6.1AI score0.00788EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/26 10:22 p.m.26 views

Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Summary A code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions inside export declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content...

9.8CVSS7.6AI score0.00788EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder