parallax jsPDF
cpe:2.3:a:parall:jspdf:*:*:*:*:node.js:*:*
- <= 4.0.0
A vulnerability in the jsPDF library's AcroForm module prior to version 4.1.0 allows users to inject arbitrary PDF objects, including JavaScript actions, into PDF documents. The injection occurs through unsanitized input passed to specific methods and properties of AcroFormChoiceField, AcroFormCheckBox, and AcroFormRadioButton. The injected JavaScript is executed when the PDF is opened, potentially leading to cross-site scripting (XSS) attacks.
Exploitation of this vulnerability allows for PDF injection, where arbitrary JavaScript is executed when the document is opened, creating a cross-site scripting (XSS) risk.
To reproduce this vulnerability, create a PDF document using jsPDF version 4.0.0 or earlier. Add a choice field to the form and use the 'addOption' method to inject a payload that includes JavaScript actions, such as 'app.alert()'. Save the document and open it to execute the injected script.
Users can update to jsPDF version 4.1.0 or later, where this vulnerability has been fixed.
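As a defense-in-depth layer alongside the upgrade, user-supplied option text can be checked against an allow-list before it reaches `addOption`. This is an added example, not jsPDF's own code or the upstream fix; `validateOption`, `addOptionsSafely`, the length limit and the stub field are hypothetical names and values, and the character set assumes the injection depends on PDF syntax characters reaching the document unescaped.

```javascript
// Added example: allow-list guard for user-supplied AcroForm option text.
// Assumption: the injection depends on PDF syntax characters reaching the
// document unescaped, so anything outside a conservative set is rejected.

const MAX_OPTION_LENGTH = 200; // constructed limit, adjust to your forms

// Letters, digits, spaces and a few punctuation marks. PDF delimiters
// ( ) < > [ ] { } / % and the backslash escape character are not in the set.
const SAFE_OPTION = /^[\p{L}\p{N} .,:;'&+_-]+$/u;

function validateOption(value) {
  if (typeof value !== "string") {
    return { ok: false, reason: "not a string" };
  }
  const text = value.normalize("NFC");
  if (text.length === 0 || text.length > MAX_OPTION_LENGTH) {
    return { ok: false, reason: "bad length" };
  }
  if (!SAFE_OPTION.test(text)) {
    return { ok: false, reason: "disallowed character" };
  }
  return { ok: true, value: text };
}

// Wraps a choice field so only validated text reaches addOption().
// `field` is any object with an addOption(string) method, e.g. a jsPDF
// AcroForm choice field; rejected values are returned for logging.
function addOptionsSafely(field, values) {
  const rejected = [];
  for (const raw of values) {
    const result = validateOption(raw);
    if (result.ok) {
      field.addOption(result.value);
    } else {
      rejected.push({ value: raw, reason: result.reason });
    }
  }
  return rejected;
}

// Constructed demo with a stub field so the block runs without jsPDF.
const stubField = { options: [], addOption(v) { this.options.push(v); } };
const demoRejected = addOptionsSafely(stubField, [
  "Red", "Blau-Grün", "Size: 10", "Option (A)", "a\\b", "line\nbreak", 42,
]);
console.log(stubField.options, demoRejected.map((r) => r.reason));
```

Other user-controlled values passed to the affected AcroForm classes can be run through the same check before use.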