汇总 dhtmlx 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 路径处理缺陷与跨站脚本 相关,可能在 软件部署与生产负载 场景中带来 文件覆盖与会话劫持 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2026-41553 | PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicious JavaScript code to the parameter whose value is processed by Node.js and subsequently executed. This can lead to server compromise. This issue was fixed in PDF Export Module version 0.7.6. | [email protected] | 10.0 | 0.25% | 2026-05-15 | 2026-05-18 |
| CVE-2026-41552 | PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF Export Module version 0.7.6. | [email protected] | 9.2 | 0.04% | 2026-05-15 | 2026-05-19 |
| CVE-2024-55214 | Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality. | [email protected] | 6.5 | 0.13% | 2025-02-07 | 2025-09-15 |
| CVE-2024-55213 | Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function. | [email protected] | 6.5 | 0.15% | 2025-02-07 | 2025-09-15 |
| CVE-2013-6281 | Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php in the Spreadsheet (dhtmlxSpreadsheet) plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "page" parameter. | [email protected] | 4.3 | 2.86% | 2013-10-25 | 2026-04-29 |