Vulnerabilities
Vulnerable Software
Dhtmlx:  Security Vulnerabilities
PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicious JavaScript code to the parameter whose value is processed by Node.js and subsequently executed. This can lead to server compromise. This issue was fixed in PDF Export Module version 0.7.6.
CVSS Score
10.0
EPSS Score
0.006
Published
2026-05-15
PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF Export Module version 0.7.6.
CVSS Score
9.2
EPSS Score
0.005
Published
2026-05-15
Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function.
CVSS Score
6.5
EPSS Score
0.007
Published
2025-02-07
Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality.
CVSS Score
6.5
EPSS Score
0.005
Published
2025-02-07
Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php in the Spreadsheet (dhtmlxSpreadsheet) plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "page" parameter.
CVSS Score
4.3
EPSS Score
0.052
Published
2013-10-25


Contact Us

Shodan ® - All rights reserved