DHTMLX PDF Export Module Path Traversal Vulnerability

Vulnerability

A path traversal vulnerability has been identified in the PDF Export Module of DHTMLX's Gantt and Scheduler products, affecting versions from 0.3.3 up to, but not including, 0.7.6. The vulnerability arises from inadequate HTML sanitization: an unauthenticated user can craft an HTML payload that includes local files from the server, and their contents are then displayed in the generated PDF.

Impact

Exploitation of this vulnerability allows for unauthorized access to local files on the server, which could be read and potentially misused.

Remediation

Users can upgrade to PDF Export Module version 0.7.6 to address this vulnerability.
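
Where HTML can be screened before it reaches the export service, a fail-closed reference check complements the upgrade. The following is an added example, not code from DHTMLX or from this advisory; it assumes that local files are pulled in through URL-bearing attributes and CSS references (the advisory does not name the mechanism), and the attribute list, the http(s)-only policy and the sample inputs are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumed policy: export HTML may reference only absolute http(s) resources.
URL_ATTRS = {"src", "href", "data", "poster", "action", "background", "xlink:href"}
CSS_REF = re.compile(r"""url\(\s*['"]?([^'")\s]*)|@import\s+['"]([^'"]*)""", re.I)

def is_remote(url):
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False  # unparsable URLs fail closed
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def css_refs(css):
    if "\\" in css:  # CSS escapes can disguise url(); flag rather than decode
        return ["<css-escape>"]
    return [a or b for a, b in CSS_REF.findall(css)]

class RefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs, self.in_style = [], False
    def handle_starttag(self, tag, attrs):
        self.in_style = self.in_style or tag == "style"
        for name, value in attrs:
            value = value or ""
            if name == "srcset":
                urls = [c.split()[0] for c in value.split(",") if c.strip()]
            elif name == "style":
                urls = css_refs(value)
            else:
                urls = [value] if name in URL_ATTRS else []
            self.refs += [(tag, name, u) for u in urls]
    def handle_endtag(self, tag):
        self.in_style = self.in_style and tag != "style"
    def handle_data(self, data):
        if self.in_style:
            self.refs += [("style", "css", u) for u in css_refs(data)]

def rejected_refs(html):
    """Return (tag, attribute, url) for each reference that is not absolute http(s)."""
    collector = RefCollector()
    collector.feed(html)
    collector.close()
    return [ref for ref in collector.refs if not is_remote(ref[2])]

# Constructed sample inputs (not taken from the advisory).
CLEAN = '<div class="gantt"><img src="https://cdn.example.com/logo.png"></div>'
SUSPECT = ('<img src="../../constructed-local-file.png">'
           '<style>.x{background:url(/constructed/local.css)}</style>')
```

A non-empty result from `rejected_refs` means the request should be refused before rendering; the policy is deliberately strict and also rejects relative links and in-page anchors.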

Added: May 15, 2026, 1:29 PM
Updated: May 15, 2026, 1:29 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 8.4
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.