7 matches found
CVE-2026-33943
A flaw was found in Happy DOM, a JavaScript implementation of a web browser. This vulnerability allows a remote attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions. The ECMAScriptModuleCompiler component fails to properly sanitize content within export...
CVE-2026-33943 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...
CVE-2026-33943 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...
CVE-2026-33943
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...
CVE-2026-33943
Happy DOM CVE-2026-33943 involves a code-injection vulnerability in the ECMAScriptModuleCompiler: in versions 15.10.0 through 20.8.7, unsanitized content within export { ... } in ES modules is interpolated into generated code as an executable expression, with backticks not removed, enabling templ...
PT-2026-28574
Name of the Vulnerable Software and Affected Versions Happy DOM versions 15.10.0 through 20.8.7 Description Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions 15.10.0 through 20.8.7 contain a code injection issue in the ECMAScriptModuleCompile...
ECMAScript modules in browsers
ES modules are now available in browsers! They're in… Safari 10.1. Chrome 61. Firefox 60. Edge 16. import addTextToBody from './utils.mjs'; addTextToBody'Modules are pretty cool.'; // utils.mjs export function addTextToBodytext const div = document.createElement'div'; div.textContent = text;...