14 matches found

GitHub Security Blog
added 2026/02/19 7:32 p.m., 9 views

jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)

Impact: User control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which a...

CVSS 8.1 | AI score 5.8 | EPSS 0.00343
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2026/02/19 3:26 p.m., 22 views

CVE-2026-25940 jsPDF's PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following property, a user ca...

CVSS 8.1 | EPSS 0.00343
Exploits: 1 | References: 3
Positive Technologies
added 2026/02/19 12:00 a.m., 4 views

PT-2026-20852

Name of the Vulnerable Software and Affected Versions: jsPDF versions prior to 4.2.0. Description: jsPDF is a JavaScript library used to generate PDF documents. Prior to version 4.2.0, the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions, through user-controll...

CVSS 8.1 | AI score 5.8 | EPSS 0.00343
Exploits: 1 | References: 13
CNNVD
added 2026/02/19 12:00 a.m., 5 views

jsPDF Security Vulnerability

jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.2.0 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of user input by the Acroform module, which could lead to the injection of arbitrary PDF...

CVSS 8.1 | AI score 5.9 | EPSS 0.00343
Exploits: 1 | References: 3
RedhatCVE
added 2026/02/03 1:52 p.m., 6 views

CVE-2026-24737

A flaw was found in jsPDF, a JavaScript library for generating PDFs. A remote attacker could exploit this vulnerability by providing unsanitized input to specific methods within the Acroform module, such as AcroformChoiceField.addOption or AcroFormCheckBox.appearanceState. This allows the attacke...

CVSS 8.3 | AI score 5.9 | EPSS 0.00457
Exploits: 1 | References: 6
Positive Technologies
added 2026/02/02 12:00 a.m., 3 views

PT-2026-5791

A vulnerability in the Acroform module of the application programming interface of jsPDF, a library for creating PDF files, is caused by improper encoding or escaping of output. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary JavaScript code upon...

CVSS 9.4 | AI score 5.4
Exploits: 0 | References: 2
Positive Technologies
added 2026/02/02 12:00 a.m., 2 views

PT-2026-6463

Impact: User control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as...

CVSS 8.1 | AI score 5.6 | EPSS 0.00457
Exploits: 1 | References: 6
CNNVD
added 2025/02/11 12:00 a.m., 3 views

Tracker Software PDF-XChange Editor Resource Management Error Vulnerability

Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. Tracker Software PDF-XChange Editor suffers from a resource management error vulnerability that stems from the AcroForm module containing a post-release...

CVSS 8.8 | AI score 7.9 | EPSS 0.0074
Exploits: 0 | References: 1
CNVD
added 2024/04/08 12:00 a.m., 5 views

Foxit PDF Reader and Foxit PDF Editor Code Execution Vulnerability (CNVD-2024-29758)

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. Foxit PDF Editor is a PDF editor from the same company. Foxit PDF Reader and Foxit PDF Editor have a code execution vulnerability that stems from a use-after-free issue in the AcroForm module; an attacker can use the...

CVSS 7.8 | AI score 7.2 | EPSS 0.00793
Exploits: 0 | References: 1
CNVD
added 2024/04/08 12:00 a.m., 8 views

Foxit PDF Reader and Foxit PDF Editor Code Execution Vulnerability (CNVD-2024-29759)

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. Foxit PDF Editor is a PDF editor from the same company. Foxit PDF Reader and Foxit PDF Editor have a code execution vulnerability that stems from a use-after-free issue in the AcroForm module; an attacker can use the...

CVSS 7.8 | AI score 7.2 | EPSS 0.0081
Exploits: 0 | References: 1
CNNVD
added 2024/04/03 12:00 a.m., 3 views

Foxit PDF Reader Security Vulnerability

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. Foxit PDF Reader has a code execution vulnerability that stems from a use-after-free issue in the AcroForm module, which can be exploited by an attacker to execute arbitrary code in the context of the current process...

CVSS 7.8 | AI score 8 | EPSS 0.00899
Exploits: 0 | References: 3
CNNVD
added 2024/04/02 12:00 a.m., 5 views

Foxit PDF Reader Security Vulnerability

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A security vulnerability exists in Foxit PDF Reader, which originates from a use-after-free issue in the AcroForm module that could result in remote code execution...

CVSS 7.8 | AI score 7.9 | EPSS 0.0081
Exploits: 0 | References: 3
CNNVD
added 2024/04/02 12:00 a.m., 3 views

Foxit PDF Reader Security Vulnerability

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. Foxit PDF Editor is a PDF editor from the same company. Foxit PDF Reader and Foxit PDF Editor have a code execution vulnerability that stems from a use-after-free issue in the AcroForm module; an attacker can use the...

CVSS 7.8 | AI score 7.7 | EPSS 0.0081
Exploits: 0 | References: 3
CNNVD
added 2024/04/02 12:00 a.m., 4 views

Foxit PDF Reader Security Vulnerability

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A security vulnerability exists in Foxit PDF Reader, which originates from an out-of-bounds read in the AcroForm module...

CVSS 3.3 | AI score 5.9 | EPSS 0.00474
Exploits: 0 | References: 3