If a web page is creating a PDF using user controlled input, you can try to trick the bot that is creating the PDF into executing arbitrary JS code. So, if the PDF creator bot finds some kind of HTMLtags, it is going to interpret them, and you can abuse this behaviour to cause a Server XSS.