PT-2026-41295 · Dhtmlx · Pdf Export Module
CVSS v4.0
9.2
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
PDF Export Module versions prior to 0.7.6
Description
The PDF Export Module used in DHTMLX Gantt and Scheduler contains a path traversal flaw resulting from insufficient HTML sanitization. This allows an unauthenticated user to create a malicious HTML payload that includes local server files, which are then displayed within the generated PDF document.
Recommendations
Update to version 0.7.6.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pdf Export Module