2 matches found
CVE-2021-33041
vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstrated by Electron remote code execution via require'childprocess'.execSync'calc.exe' on Windows and a similar attack on macOS...
CVE-2021-33041
CVE-2021-33041 affects vmd up to version 1.34.0, where attacker-supplied content containing div class="markdown-body" enables XSS. Documented demonstrations show Electron-based remote code execution via Electron’s require('child_process').execSync('calc.exe') on Windows, with a similar attack on ...