# Server Side XSS \(Dynamic PDF\)
## Server Side XSS \(Dynamic PDF\)
If a web page is creating a PDF using user controlled input, you can try to **trick the bot** that is creating the PDF into **executing arbitrary JS code**.
So, if the **PDF creator bot finds** some kind of **HTML** **tags**, it is going to **interpret** them, and you can **abuse** this behaviour to cause a **Server XSS**.
Please, notice that the `
```
### Path disclosure
```markup
```
### Load an external script
The best conformable way to exploit this vulnerability is to abuse the vulnerability to make the bot load a script you control locally. Then, you will be able to change the payload locally and make the bot load it with the same code every time.
```markup
')"/>
```
### Read local file
```markup
```
```markup