Dhtmlx: >> Pdf Export Module >> 0.6.2 Security Vulnerabilities
PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicious JavaScript code to the parameter whose value is processed by Node.js and subsequently executed. This can lead to server compromise.
This issue was fixed in PDF Export Module version 0.7.6.
CVSS Score
10.0
EPSS Score
0.003
Published
2026-05-15
PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include
local files from the server and display them in the generated PDF.
This issue was fixed in PDF Export Module version 0.7.6.
CVSS Score
9.2
EPSS Score
0.0
Published
2026-05-15