The new code-injection technique essentially allows cybercriminals to inject code to launch dangerous XSS (cross-site scripting) attacks within the bounds of a PDF document.
Source: cyware.com