jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" pr

Severity:: High

Description

User control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions.

If given the possibility to pass unsanitized input to the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim hovers over the radio option.

Recommendation

Update the jspdf package to the latest compatible version. Followings are version details:

Affected version(s): < 4.2.0
Patched version(s): 4.2.0

References

GHSA-p5xg-68wr-hm3m
CVE-2026-25940
CWE-116
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution - CVE-2026-24737
HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft - CVE-2026-46496
jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method - CVE-2026-25755
jsPDF has a PDF Object Injection via FreeText color - CVE-2026-31898

How to Secure your NodeJs Express Javascript Application - part 2

How do hackers hack websites?

SmartScanner 2.3: Smarter JavaScript Detection, Faster Scans, and Powerful CLI Enhancements

Tags:: npm; jspdf

Anything's wrong? Let us know Last updated on March 11, 2026