Disable “iframe” execution while exporting to PDF

  • #40147

    Hello Team,
    I am using the PD4ML (Version 3115 licensed) in my application to export emails from the user interface to the PDF format. A security vulnerability has been detected in such emails having subject as “Test <iframe src="file:///D:/sampleFile.txt" height="1000px" width="500px">” or “Test <iframe src="file:///etc/shadow" height="1000px" width="500px">”, which when exported to PDF via PD4ML, leads to execution of this iframe, and the contents of that particular file specified in the path are also displayed/exported to the PDF.
    This can lead to leakage of sensitive information like system level info to the user.

    Is there any way to prevent or block execution of such iframes so that the contents of the file are not displayed to the user? Please note that valid iframes in the email would need to be executed properly, and iframes such as those pointing to the local file system or local files would need to be blocked.
    Is there a method available in PD4ML version 3 or in later versions?
    Can you provide some guidance on how we can achieve this? This is a critical security vulnerability.
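
One way to handle the case described in the post before the HTML ever reaches the converter, shown as an added example that is not part of the original post and does not use any PD4ML API: escape the subject as text, and drop body iframes whose `src` is not an absolute http(s) URL. It assumes the jsoup library is on the classpath; the class and method names are hypothetical, and treating only http(s) frames as "valid" is an assumption.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Element;

public class PdfExportSanitizer {
    // Assumption: only remote http(s) frames count as "valid" iframes.
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");

    /** Header fields such as the subject are text, never markup: escape before templating. */
    static String escapeText(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    /** True only for absolute URLs with a host and an allow-listed scheme. */
    static boolean isAllowedSrc(String src) {
        try {
            URI u = new URI(src.trim());
            String scheme = u.getScheme();
            // Relative and scheme-less values are rejected: they could resolve against a file: base.
            return scheme != null && u.getHost() != null
                    && ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT));
        } catch (URISyntaxException e) {
            return false; // unparsable source: drop the frame
        }
    }

    /** Removes every iframe in the email body whose src is not an allowed remote URL. */
    static String stripUnsafeIframes(String bodyHtml) {
        Document doc = Jsoup.parseBodyFragment(bodyHtml);
        for (Element frame : doc.select("iframe")) {
            if (!isAllowedSrc(frame.attr("src"))) {
                frame.remove();
            }
        }
        return doc.body().html();
    }

    public static void main(String[] args) {
        // Constructed sample input modelled on the subject line in the post.
        String subject = "Test <iframe src=\"file:///etc/shadow\" height=\"1000px\" width=\"500px\">";
        String body = "<p>Hi</p><iframe src=\"file:///D:/sampleFile.txt\"></iframe>"
                + "<iframe src=\"https://example.com/widget\"></iframe>";
        String html = "<html><body><h1>" + escapeText(subject) + "</h1>"
                + stripUnsafeIframes(body) + "</body></html>";
        System.out.println(html); // hand this string to the converter instead of the raw email
    }
}
```

Other elements that load resources (`img`, `link`, `object`, `embed`) would need the same scheme check if the email body can contain them.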
